Handling of personal information

In accordance with our Privacy Policy, our Group handles our customers’ personal information as follows.

1. Collection and registration of personal information

Customers’ personal information will be kept and registered in our Group’s database within the scope of the following business activities of our Group:

  • Information received over the phone or on specified forms for placing orders, sending catalogs, or completing a survey, etc., as well as information registered by the customer for online shopping
  • Information given to us by customers in relation to changes or notifications for customer reasons
  • Information arising from transactions with our Group
  • Information provided by the customer through comments, inquiries, etc. (telephone calls may be recorded to ensure the accuracy of the content)
  • Information given to us when responding to quizzes and gift campaigns
  • Information entrusted to us by the customer’s family members, relatives, acquaintances, etc. to send catalogs, etc. to the customer
  • Information on our Group’s shareholders as listed in our List of Shareholders
  • Information given to us by job applicants
  • Information relating to our officers, employees, or retirees

2. Personal information of persons under 16 years of age

We ask that a parent or guardian give their consent when a customer under 16 years of age is to provide their personal information to our Group.

3. Intended use of personal information

The purposes for which we use our customers’ personal information are as shown below. Only the minimum information required for smooth execution of the following purposes and related administrative tasks will be used.

  • Sending of product information to our customer, such as our Group catalog, direct mail, and other notifications
  • Tasks relating to payment, such as the sending of delivery slips, invoices, order statements, automatic debit notices, etc.
  • Sending of products ordered, provision of services, etc.
  • Management and operation of quizzes and gift campaigns, as well as the sending of reports and gifts for the same
  • Logon authentication for content using web services
  • Site management and session management (such as retention of shopping cart information)
  • Notification of transactions relating to our business or services, contract fulfillment, business negotiations
  • Management of information on suppliers and clients
  • Requesting feedback on our Group’s products and services
  • Responding to inquiries from customers
  • Providing information regarding campaigns, etc. which the customer has entered
  • Providing information to shareholders and managing shareholders/shares
  • Providing information on recruitment and screening applicants
  • Carrying out procedures relating to human resources, labor management, payment of remuneration, social insurance, taxation, etc.

4. Security control measures for personal information

Our Group takes the following measures for the appropriate management of personal data including the prevention of leakage, loss, or damage of personal data.

  • Establishment of basic policy
    • Establishing our “Privacy Policy” and “Handling of personal information” to ensure proper handling of personal data and compliance with relevant laws, regulations, guidelines, etc.
  • Establishment of rules relating to the handling of personal data
    • Establishing our “Personal Information Management Rules” regarding the handling of personal information as well as persons responsible, persons in charge, and their duties, etc.
  • Institutional security control measures
    • Appointing of a person responsible for the management of personal data, clearly defining personnel to handle personal data and the scope of personal data to be handled by said personnel, and establishing of systems for reporting and notification when facts or signs of breach of laws or handling rules are identified.
    • Conducting regular self-inspections and internal audits in relation to the handling of personal data.
  • Personnel security control measures
    • Conducting regular training for personnel in regard to points of concern relating to the handling of personal data.
    • Inclusion in employment regulations of non-disclosure clauses relating to personal data.
  • Physical security control measures
    • Controlling employee access to rooms and placing limits on the devices brought in, and implementing measures to prevent unauthorized persons from viewing personal data.
    • Taking measures to prevent theft or loss of electronic media, documents, etc., as well as to prevent personal data from being easily discovered when carrying said devices, electronic media, etc., including when moving within the business premises.
  • Technological security control measures
    • Implementing access control on the main server, placing limits on personnel in charge and the scope of personal information databases, etc. handled.
    • Adopting mechanisms to protect the main server from unauthorized external access or malware.

5. Provision of personal information

Customers’ personal information will not be provided to third parties except in the following cases.

  • When outsourcing work to an outside partner, etc., for the purpose of delivering products, services, or other items to customers or to contact the customer
  • When providing information to a third party with the customer’s consent
  • When the Group deems it necessary to do so in response to inquiries or disclosure requests based on laws and regulations

6. Shared use of personal information

Customers’ personal information will be kept and registered in our Group’s database within the scope of the following business activities of our Group:

  • In accordance with the provisions of the law, we may share our customers’ retained personal information for purposes such as those shown below.
    • Types of personal information which may be put to shared use
      • Name, address, telephone number, e-mail address, date of birth, etc.
    • Scope of shared use
      • Riken Food Co., Ltd. Kenseido Co., Ltd.
      • Shinken Sangyo Co., Ltd. Sunny Packaging Co., Ltd.
      • Eiken Shoji Co., Ltd.
    • Purposes of shared use
      • To provide the customer with direct mail, e-mail, telephone calls, etc. relating to product information
      • To provide the customer with direct mail, e-mail, telephone calls, etc. relating to events and exhibits
      • To utilize the personal information for joint product development
  • Person responsible for management
    • Riken Vitamin Co., Ltd.
      1-6-1 Yotsuya, Shinjuku-ku, Tokyo, Japan
      President & Representative Director Kazuhiko Yamaki

7. About our website

Encryption

The online order and application form pages of the Riken Vitamin website are securely managed using Secure Sockets Layer (SSL) and other secure communication technologies.

About personal data

The Riken Vitamin website uses cookies or similar technologies to automatically collect personal data such as your IP address and access logs. In addition to using the foregoing personal data for the purpose of improving the convenience of the website, analyzing the usage of the website, and delivering advertisements, we may provide personal data to third parties in an appropriate manner according to the purpose of use. Please note that we will not identify your personal information from personal data.
If you do not wish to have your personal data used, you can restrict its use by the following methods. However, please note that by restricting use, some of the website's functions may become unavailable to you.

  • Disabling cookies in your browser settings
  • You can disable cookies by changing your browser settings. If you disable cookies, some functions on websites other than the Riken Vitamin website may become unavailable.

  • Customizing privacy settings on our site to manage individual preferences
  • In some parts of the Riken Vitamin website, a dialog box or gear symbol regarding the use of your device information, etc. is displayed in the lower left corner of the screen. On these pages, you can choose whether to allow or restrict the use of your personal data for each purpose of use or recipient on the privacy settings screen displayed by clicking the "Settings" button in the dialog box or the gear symbol. However, it is not possible to restrict the use of personal data that is essential for browsing the site.

8. Matters relating to our reception desk

For inquiries regarding the handling of personal information by our Group, please contact the department to which you provided your personal information.

By mail

1-6-1 Yotsuya, Shinjuku-ku, Tokyo, 160-0004, Japan
Riken Vitamin Co., Ltd. General Affairs Department

In person

Please note that we cannot accept requests made in person at our offices.

GDPR Policy

This GDPR Policy (hereinafter this "Policy") applies to the handling of personal information of users who access websites published by Riken Vitamin Co., Ltd. (hereinafter “the Company”) in English from within the European Economic Area (EEA) (hereinafter "Users within the EEA") in addition to the "Privacy Policy” and "Handling of personal information." In the event of any conflict between the provisions of this Policy and other policies, etc. established by the Company, the provisions of this Policy will prevail.

  • Personal information
  • In this Policy, "personal information" means any information relating to an identified or identifiable natural person, including their name, address, telephone/FAX number, email address, and other personal data as outlined in Section 7 of "Handling of personal information," "About our website."

    Users within the EEA are not obligated to provide personal information to us; however, if a user chooses not to share personal data, it may impact our ability to provide some or all of our services to that user.

    The Company appropriately handles personal information of Users within the EEA collected through its website in accordance with the European General Data Protection Regulation (hereinafter "GDPR").

  • Purpose of use and basis therefor
  • The Company processes the personal information of Users within the EEA in accordance with the legal base outlined in GDPR Article 6 or 7. As outlined in Section 7 of "Handling of personal information," "About our website," the Company automatically collects personal data essential for browsing its website. This collection serves the following legitimate interests:

    • To appropriately display site content
    • To understand how the site is being accessed and to improve content based on that understanding.

    The Company will not use personal information of Users within the EEA for automated decision-making that has a legal effect or similar significant impact on them, except in cases falling under Article 22(2) of the GDPR.

  • Transfer of personal information outside the region
  • The Company may share the personal information of Users in the EEA with third parties outside the EEA in order to fulfill the purpose of use of the personal information. In such cases, the Company takes appropriate measures to ensure a sufficient level of protection of personal information, such as entering into standard contractual clauses with the third party.

  • Retention period
  • Unless longer retention is required or permitted by law, the Company retains personal information only for as long as necessary to fulfill the purpose of use.

  • Rights of Users within the EEA
  • Users within the EEA have the following rights with respect to the personal information that the Company collects and processes. Users within the EEA can exercise these rights by contacting the reception desk specified in "Handling of Personal Information."

    • The right to withdraw consent in respect of their personal data (GDPR Article 7(3))
    • The right to request access to their personal data (GDPR Article 15)
    • The right to request correction of their personal data (GDPR Article 16)
    • The right to request deletion of their personal data (GDPR Article 17)
    • The right to request restriction on the processing of their personal data (GDPR Article 18)
    • The right to data portability (GDPR Article 20)
    • The right to object to the company's processing of personal information (GDPR Article 21)

    In addition, Users within the EEA have the right to lodge a complaint with a supervisory authority (GDPR Article 77) with respect to the processing of personal information by the Company.

  • Revisions to this Policy
  • The Company reserves the right to revise this Policy without prior notice. If the Company revises this Policy, it will promptly post the revised policy on its website.