Privacy policy
December 22, 2023
Each of the companies of the ENEOS Group (meaning the corporate group comprising of ENEOS Holdings, Inc. and its affiliated companies, the “Group”) hereby commits to comply with the applicable laws and regulations, guidelines, the “ENEOS Philosophy of the Group,” the “ENEOS Code of Conduct,” internal regulations as well as this Privacy Policy in handling the personal data of the Group’s customers (including individual customers and corporate representatives, as well as those who are interested in the Group’s products, services, activities and the like), as well as handle such personal data appropriately.
1.Framework for Personal Data Protection
The Group has established and will maintain a framework to appropriately protect personal data; formulate a compliance program to ensure that its officers and employees fully protect personal data; and continuously implement and improve such framework and program.
2.Security Control of Personal Data
In every process of obtaining, using, disclosing and administering personal data, the Group endeavors to administer such personal data in a secure and accurate manner and in the most recent state, and thoroughly implement security control measures, including those enumerated below, to prevent the leakage of, and unauthorized access to, personal data:
- (1)Establishment of basic policies
To ensure the appropriate handling of personal data, the Group has established basic policies, including this Privacy Policy. - (2)Maintenance of rules on the handling of personal data
The Group will maintain rules on obtaining, using, disclosing and administering personal data, as well as internal rules and regulations that set forth the responsibilities and the like of the persons handling personal data. - (3)Organized security control measures
The Group will maintain the framework necessary to protect personal data, where our president is ultimately responsible therefor. - (4)Human security control measures
The Group has implemented on-the-job trainings and other instruction courses on points to pay attention to, in the handling of personal data. - (5)Physical security control measures
The Group has implemented security control measures to prevent theft, loss and the like of instruments, electronic media, documents, or the like that handle personal data. - (6)Technical security control measures
The Group has implemented access controls where restrictions have been placed on the scope of the handling persons according to the content of the personal data. - (7)Understanding the external environment
For cases where personal data is stored abroad, the Group has implemented appropriate security control measures after understanding the system in the relevant foreign country concerning the protection of personal data.
The Group may also contract out a part of its business and provide personal data to its consignees to the extent necessary to fulfill the purposes of the use of the personal data. In such cases, the Group will enter into an agreement with each consignee concerning the handling of personal data, and appropriately administer and supervise them.
3.Details of Personal Data Handled by the Group
The Group obtains the following personal data concerning customers from the customers themselves, companies belonging to the Group, business partners of the Group, and other similar entities:
- (1)Customer information
The name, mail address, address, age, sex and nationality, as well as the name and location of, section and title/position in, the company a customer is working at, account information, including SNS, and other customer information. - (2)Details of transactions with the Group
Information concerning the details of customers’ transactions and purchase history, bank accounts and payment information of credit cards or the like and other information generated in the course of customers’ transactions with the Group. - (3)Information generated from the use of the Group’s website
The registered ID, password, IP address, browsing history of and date/time of access to the website, information concerning terminals/OS/browsers or the like that customers are using, location information, other status of use of the services, as well as analytical findings based on such information (such as information concerning the Group’s products and services which customers are presumed to be concerned with or interested in), and other information generated from the customers’ use of the Group’s website. - (4)Other information
Information concerning the customers’ comments, requests, inquiries, replies to surveys to and communication or the like with the Group, records of customers’ entry into and exit from the Group’s offices, security camera footage, and other information provided to the Group based on any involvement of the customers with the Group.
4.Purpose of Use of Personal Data
The Group will use the customers’ personal data for the following purposes or other purposes for which a separate notification or the like to the individual is required:
- (1)Performance of any contract for the Group’s products and/or services as well as communications relating thereto.
- a.Provision of products and/or services pursuant to the terms of the subject contracts, and settlements thereunder.
- b.Communication on requisite matters concerning the subject contracts.
- c.Arrangements, shipments and after-sale services for products and/or services used by the customers.
- d.Responses to comments, requests, inquiries and other matters concerning the contracts.
- (2)Promotions regarding the Group’s products and services.
- a.Information concerning products and/or services and promotions, including newsletters, mail magazines and advertisements.
- b.Promotions on various campaigns, trade exhibitions and the like.
For avoidance of doubt, to fulfill these purposes, the Group may analyze the information obtained therefor, such as the customers’ browsing history and/or purchase history, and direct messages tailored to the customers’ concerns and/or interests.
- (3) Planning/development/analysis/improvements of the Group’s products, services and the like.
- a.Planning/development of new products/services
- b.Analysis, quality improvement of, and enhancing dealings with people concerning existing products/services.
- c.Investigation and analysis of the status of sales and usage as well as planning and development using the results thereof.
- d.Implementation/analysis/measurement of effects/use of survey research associated with marketing activities.
- (4)Improvement of and other activities concerning the Group’s website.
- a.Improvement of user-friendliness and other qualities of the website.
- b.Planning/development based on the usage status of the website.
- (5)Responses to comments/requests/inquiries to the Group.
- (6)Rendering services consigned to the Group.
- (7)The Group’s responses to statutory obligations and requirements (including reports to regulatory authorities in Japan and abroad, judicial/administrative bodies, and exchanges, as well as responding to audits conducted by such authorities and bodies) and implementing the necessary investigations and other responses in relation to governance in the Group and the exercise of its rights.
- (8)Implementation of other responses associated with fulfilling the aforementioned purposes.
5. Joint Use
The Group may jointly use the following personal data of customers:
- (1)Personal data to be jointly used: all of the personal data obtained by the Group.
- (2)Scope of the joint users: all of the companies belonging to the Group (including companies that will join the Group in the future).
- (3)Purposes of use by the joint users: the purposes of use specified in section 4 above.
- (4)The company in charge of administering the joint use of personal data: ENEOS Holdings, Inc.
6.Provision to Third Parties
The Group shall not disclose or provide the personal data obtained thereby except for cases that fall under any of the following items:
- (1)In cases where prior consent by the customer is obtained.
- (2)In cases where it is necessary to protect human life, body and/or property, and it is difficult to obtain the customer’s consent.
- (3)In cases where it is specifically necessary for the enhancement of public health or furtherance of the healthy nurturing of children, and it is difficult to obtain the customer’s consent.
- (4)In cases where it is necessary to cooperate with a national or local government or other entities in implementing public affairs and there is a risk of hindering the implementation of such public affairs by obtaining the customer’s consent.
- (5)In cases where the relevant third party is an academic research institution or a similar entity and such personal data is required to be handled for the purpose of using the same in academic research (including cases where a part of the purpose of handling the personal data is for academic research except where there is a risk of unjustly infringing on an individual’s rights and interests).
- (6)Other cases in accordance with laws and regulations.
7.Cross-border Transfer of Personal Data
In cases where the Group provides personal data to a third-party entity in Japan or abroad, including a consignee of services and/or joint user, the Group shall take the necessary and appropriate measures in accordance with applicable laws and regulation.
8.Period of Retention of Personal Data
The Group shall retain the customers’ personal data only for the period necessary to fulfill the purposes of use of the customers’ personal data, to comply with applicable laws and regulations or to address to customers’ requests. Upon the termination of the retention period, the Group shall delete the customers’ personal data or implement measures to retain such personal data in a manner where such personal data is not capable of identifying the customers.
9.Use of Cookies and the Like
A cookie is a small text file downloaded in the browser of a device (such as a computer and smart phone) and used when a customer accesses a website. Through the use of cookies, the Group can recognize the device of a customer, and obtain information concerning the customer’s browsing history, status of use of the website or the like.
The Group uses “Google Analytics” of Google LLC. While Google Analytics collects, records, and analyzes the user’s status of using this service, the Group utilizes the findings therefrom to improve the Group’s website.
For the structure in which data is collected and processed through Google Analytics, please see (https://policies.google.com/technologies/partner-sites?hl=en).
10.Response to Inquiries and Requests for Disclosure, Correction, Suspension of Use and Other Requests
In cases where an inquiry by a customer is received concerning the handling of his/her own personal data (limited to information specified as the subject of the disclosure or the like by applicable laws and regulations, such as the “personal data held by the business” stipulated under Japanese law), hereinafter the same shall apply in this section 10), or cases where a request is made for the exercise of any of the following rights, the Group shall appropriately and quickly address the same after confirming that the inquiry or the request was made directly by the customer:
- (1)Notification of purposes of use of personal data or disclosure of personal data.
- (2)Correction, addition or deletion of personal data.
- (3)Suspension of use of personal data or the provision thereof to third parties.
Customers may request for the correction, addition, or deletion of personal data. The Group shall address the same to the extent provided by laws and regulations after acknowledging such request.
<Where to Inquire>
- (1)Inquiries to ENEOS Holdings, Inc.
- *Upon making an inquiry, please acknowledge and accept the terms set forth in the prescribed form for inquiries.
- (2)Inquiries to other entities of the Group
Each entity of the Group shall address the inquiries. In cases where an inquiry is made in the manner described in item (1) above, please note in advance that it may be referred to each of the entities of the Group.
11.Amendments to this Privacy Policy and Notifications
The Group may amend all or a part of this Privacy Policy. In case of an amendment, notice on the details thereof shall be provided on the Group’s website.
Miyata Tomohide, Executive Vice President and Representative Director
ENEOS Holdings, Inc.
1-1-2 Otemachi, Chiyoda-ku, Tokyo, 100-8162, Japan