Personal Information Protection Policy
Sanrio Group Personal Protection Policy
Based on our shared awareness of personal information as an important right that concerns the rights and interests of individuals, the Sanrio Group (hereinafter, “the Company”) pledges that its executives, employees, and all staff will adhere to legislation for protecting personal information while appropriately handling and protecting personal information in accordance with the following policy.
The Company will only request personal information such as customers’ name, address, telephone number, and email address after notifying them of the purpose of use and the contact for inquiries.
The Company will use personal information provided only within the scope of purposes acknowledged by the customers.
The Company will not provide or publish the customers’ personal information to third parties, excluding cases where customers have already given acknowledgment, tasks are to be outsourced or it is otherwise justified.
The Company will manage the personal information provided by customers appropriately by designating persons in charge of personal information in every organization and department that handles such information.
The Company will endeavor to maintain the personal information provided by customers in accurate and updated form as well as to ensure and improve security to manage its safety.
The Company will respond appropriately to customers who wish to see their own personal information or direct other inquiries to the Company’s relevant contact persons.
The Company will adhere to laws and other norms for handling customers’ personal information as well as will endeavor to continuously enhance and improve the above items and company regulations.
Please direct questions and inquiries relating to the Company’s personal information protection policy and customers’ personal information to the below. Adopted March 25, 2005
Personal Information Protection Policy for the Official Sanrio Website Based on the Sanrio Group’s Personal Information Protection Policy, the Company’s website is defined as follows.
• Cookie Use
The Company’s website may send information called cookies to the Internet viewing software (browser) in use by the customer when using the website. Cookies are currently in common use by many websites. Cookie use allows the Company to display contents and provide services more appropriately to returning customers by referencing access log information that shows what pages on the website the customer has visited in the past, for example.
Unless specified on the website, personal information will not be obtained through cookies. If the customer does not wish for browser information to be collected, they may configure their browser by themselves to turn off the cookie function, but note that this may prevent use of some of the services. For configuration, please see “Help” or “Preferences” of the browser in use.
• Obtaining Access Log
The Company obtains customer access data from the website in order to conduct statistical analysis for the sake of improving customer convenience and service quality as well as to display optimal web contents and advertisements. However, it is never used for any other purposes or to collect personal information. The information contained in an access log is time and date of access, access count, IP address, type of browser used, cookie information, and so on, and does not gather information with which individuals can be identified.
• Access Log Analysis by and Advertisement Display Outsourcing to Third Parties
The Company may provide third-party outsourcing partners with access logs (not containing personal information) to cross-reference and analyze with information held by them or to outsource advertisement display based on such analytical results, with the aim to increase customer convenience and service quality as well as to display advertisements more efficiently.
If the customer does not wish for advertisements to be displayed based on such analytical results from relevant outsourcing, we ask that they access the opt-out page on the outsourcing partner’s website and configure their browser and applications to turn off those advertisements by following the steps described there.
• Third-Party Links on the Company’s Website
If a user clicks a third-party link, banner, text, or such on the Company’s website, the web server accessed may send cookies to the user’s computer. The Company cannot take responsibility for this since the use of such cookies is regulated by the policies relevant to each link destination. The Company also cannot take responsibility for any provision or collection of personal information at third-party online link destinations or the websites of advertisement owners. Please see the homepage of each destination for their policy.
• Social ID Login
When a customer accepts the linking of the Company’s website with a social network service or other external service, that external service or the Company may request the customer to provide information as specified.
The data provided may be used to register the customer, confirm the customer’s identification, and otherwise provide, maintain, protect, and improve services on the Company’s website.
However, please note that information provided by the customer to the external service is not managed by the Company but is regulated by the user agreement and personal information protection policy of the external service, which differ from the Company’s user agreement and personal information protection policy.
Adopted July 23, 2018
To make this website (“Website”) work properly, we sometimes place small data files called cookies on your device. Most big websites do this too.
What are cookies?
A cookie is a small text file that a website saves on your computer or mobile device when you visit the website. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the website or browse from one page to another.
The types of cookies used on this Website.
• First-party cookies: cookies that are set by a website that is being visited by the user at the time.
• Third-party cookies: cookies that are set by a domain other than that of the website being visited by the user. If a user visits a website and another entity sets a cookie through that website, this would be a third-party cookie.
• Session cookies: cookies that are used exclusively for a single session and are not kept once the user leaves the website.
• Permanent cookies: cookies that are kept and reused each time the user comes back to the respective website.
How do we use cookies?
We use cookies to:
• estimate our audience size and usage pattern;
• store information about your preferences by tracking, etc., and so allow us to customise our Website according to your individual interests including advertising;
• measure the effectiveness and efficiency of the advertisement;
• speed up your accesses;
• recognise you when you return to this Website; and
• enable this Website to provide better browsing experience.
These cookies are not used for any purpose other than those described above. Some of these cookies are deleted when a user closes their browser, and the others have a variable expiry date.
Third-party cookies are set through our sites by our partners below and controlled by them:
• Business Search Technologies Corporation
Click the name of the company for details about privacy.
Generic Google Analytics cookies
These cookies are used to collect information about how visitors use our Website. We use the information to compile reports and to help us improve the Website. The cookies collect information in an anonymous form, including the number of visitors to the Website and blog, where visitors have come to the Website from and the pages they visited.
Read Google's overview of privacy and safeguarding data
How to control cookies
You can control and/or delete cookies as you wish - for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
Sanrio Company, Ltd. (“Sanrio”) may have occasion to collect and process Personal Data (as defined below). This Privacy Policy (this “Policy”) applies to the processing of Personal Data concerning data subjects in the European Economic Area (“EEA”) in accordance with the General Data Protection Regulation (the “GDPR”).
1. Personal Data
In this Policy, Personal Data means any data relating to an identified or identifiable natural person (“Personal Data”). Sanrio may acquire and process Personal Data, including the name, address, telephone number, gender, nationality, occupation, job title, and email address of a natural person in the EEA.
2. Use of Personal Data
Sanrio acquires and processes Personal Data for the following purposes:
• Providing services to relevant clients;
• Legitimate business interests, such as undertaking business research and analysis or managing the operation of the business
• Public relations, such as responding to inquiries
• Engaging in marketing and business development activities in relation to the services. This may include sending client newsletters, marketing communications and other information that may be of interest to them;
• Defense of certain rights or interests;
• Compliance with legal and regulatory obligations that Sanrio has to discharge; and
• Managing customer relationships
Sanrio relies on the following legal grounds to process Personal Data:
• The data subject’s consent expressly given to process his/her Personal Data in such manner. The data subject may withdraw his/her consent to this processing at any time; however, this will not affect the lawfulness of any processing carried out before withdrawal of the consent;
• Entering into a contract with a data subject or performing obligations under a contract with a data subject;
• Legitimate interests, some examples of which are given above; and
• Compliance with applicable laws or regulations
3. Disclosure to Third Parties
Sanrio may supply or disclose Personal Data, without the data subjects’ prior consent, to Sanrio’s group companies and other third parties that are Sanrio’s service assignees. Sanrio may also supply or disclose Personal Data to third parties when it is necessary for some other justifiable reason permitted by the laws and regulations.
4. Cross-Border Transfer
Personal Data may be transferred to entities in countries or jurisdictions outside the EEA, such as Japan, if required for the purposes as described above. Please note that such countries or jurisdictions may not have the same data protection laws as the EEA and will not afford many of the rights conferred upon data subjects in the EEA. Sanrio will ensure that any such international transfers are made subject to appropriate and suitable safeguards as required by the GDPR or other relevant laws. When doing so, Sanrio will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of Personal Data.
5. Retention of Personal Data
Sanrio will retain Personal Data for the period necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law.
6. Rights of Data Subjects
Data subjects have the right to access, request correction of, request deletion of, request the limitation of processing of, object to the processing of, and request the data portability of their Personal Data retained by Sanrio. When Sanrio receives a request based on the right specified above, Sanrio shall conduct any necessary investigation without delay and provide data subjects or nominated third parties with Personal Data or respond to such rights without delay.
While there will not generally be any detrimental effects for the data subjects if they fail to provide their Personal Data, Sanrio may need to collect Personal Data to process data subjects’ instructions or perform contracts with them. In such case, Sanrio may have to cancel the engagement or contract such data subjects have with Sanrio, and will notify them thereof at that time.
7. Right to Lodge Complaint with Data Protection Authority
Data subjects have the right to lodge a complaint with the local data protection authority if they have a complaint with regard to Sanrio’s processing of their Personal Data.
8. Contact
For any questions about this Policy, Sanrio’s privacy practices or your rights described in “Section 6. Rights of Data Subjects”, please contact us at the following:
[Department] Global Business Division Section 2 EMEA
[E-mail address] hqglobal2_emea@sanrio.co.jp
[Phone number] +81 3 3779 8111
Enacted as of 27 August, 2018
