Privacy policy

MEDIROM Group Privacy Policy

Recognizing the importance of the Act on the Protection of Personal Information, MEDIROM Healthcare Technologies Inc. ("Company" hereinafter), MEDIROM affiliates (including MEDIROM subsidiaries etc. and thecompanies listed in the "List of Group Member Companies" on the MEDIROM website), and franchisees that have concluded franchise agreements with MEDIROM and MEDIROM affiliates (referred to collectively as the "MEDIROM Group" hereinafter) herebypledge to comply with laws and regulations concerning information that can be used to identify customers, trading partners, and other parties ("personal information" hereinafter) and other applicable laws, regulations, guidelines, etc. withregard to personal information, and both establish and pledge to implement and maintain the following Privacy Policy to contribute to the protection of the rights of the public.

Principles of personal information processing

1. Executives and employees of the Company and the MEDIROM Group and other related parties shall be made thoroughly aware of the importance of personal information and shall be subject to continual education, supervision, and review thereof.
2. In principle, personal information shall be collected only with the consent of the individual concerned.
3. The Company and the MEDIROM Group shall clearly specify the purposes of use of personal information within the scope necessary for business execution and shall collect, use, and provide personal information appropriately. Measures shall be taken to ensure that personal information collected shall be used solely by the staff responsible within the scope necessary for business purposes, which shall not exceed the scope of the purposes of its collection, and is not used for any other purpose.
4. The Company and the MEDIROM Group shall strive to keep personal information accurate and up to date, and to prevent cases such as unauthorized access to, loss of, damage to, unauthorized alteration of, or leakage of personal information, as well as rectifying any such cases that may arise.
5. The Company and the MEDIROM Group shall respond swiftly to any inquiries, complaints, or requests for disclosure, etc. regarding personal information from the persons concerned thereby.
6. The Company and the MEDIROM Group shall handle personal information within the scope of the purposes of use indicated clearly to the individuals concerned. In addition, the Company and the MEDIROM Group shall not disclose or provide personal information provided by the individuals concerned to any third party except when the individuals concerned have consented thereto, or there are other legitimate reasons for doing so.
7. The Company and the MEDIROM Group shall strive to establish, steadily implement, and maintain a privacy management system, and to improve it continually.

Established: April 1, 2016
Revised: October 20, 2020
MEDIROM Healthcare Technologies Inc.

Handling of personal information

Collection of customer information

Personal information is any information that identifies you or makes you identifiable. We collect different types of personal information from website users and customers, including:

1. Information you provide to us. In connection with the products and services, we may ask you to provide these categories of personal information:
- ・Account Information: Information you provide about yourself to access our services, including name, email address, phone number, mailing address, and password.
- ・Self-Reported Information: Information you provide about yourself, including your question responses, demographics, life style, health, or any other data you submit while using our services or devices.
- ・Payment Information: If and when you make an order through our services, you will need to provide us with a credit card for payment, including billing information such as your billing address, phone number, and name on the payment card. [A third-party service provider stores and processes this information securely and only for purposes of marking an order through our Services.]
- ・Voluntary Information: Information you provide to us voluntarily by completing web forms, participating in polls, or contributing to blogs, postings, contacting customer service, and other mediums.
2. Usage Information automatically collected. When you use the website, we automatically collect information about the pages you use and how you use them (“Usage Information”), as described below.
- ・Service Data: We collect information about your interactions with the website, such as the pages or other content you view, and other actions you perform while using the website.
- ・Log Data: We automatically collect log information when you use the Services. This might include your IP address, access times, hardware and software information, device information, device event information (e.g. crashes, unsuccessful logins, browser type), the web page you’ve viewed or engaged with before or after using the Services, and other relevant information.
- ・Cookies and Similar Tracking Technologies: We may use various tracking technologies to collect and store information about your use of our Services. We use these tools to ensure that you receive a personalized experience, to provide you with certain functions on our website, to keep your account safe, and to improve and optimize our services.
3. Information from our devices. If you purchase any of our devices, we may collect additional information, such as your activities, location, health status, and health markers. Information collected through our devices will be further detailed with the device purchase or use.

Purposes of use of customer information

・To provide information on the services and products handled by the Company and the MEDIROM Group
・To provide information on the services and related products offered by partners of the Company and MEDIROM affiliates
・To provide the services of the Company and the MEDIROM Group, sell products, and send products
・To bill for charges related to use of services from and sale of products by the Company and the MEDIROM Group
・To conduct surveys to help improve the quality of services handled by the Company and the MEDIROM Group
・As necessary for user authentication and identification of individual users in cases such as when logging in to members-only services provided by the Company and the MEDIROM Group
・For conducting product development, marketing, sales activities, and statistical analysis by the Company and the MEDIROM Group
・To provide related services and notifications incidental to the above purposes
・To respond to inquiries, requests, etc. from customers

Purposes of use of information on parties related to trading partners

・To carry out services under contract between the Company and the MEDIROM Group and their trading partners
・To respond to inquiries from customers
・For business-related communications
・To exchange information and goods
・To introduce parties related to trading partners to (third-party) trading partners of the Company and the MEDIROM Group

Purposes of use of job applicant information

・To inform applicants of dates and times of interviews, results of screening, etc. in connection with employment screening
・As information for use in screening to determine whether or not applicants are suited to the jobs applied for
・As basic information for management of registered information as necessary for human-resources registration after hiring decisions

Purposes of use of employee information

・Human-resources and labor management (including human-resources evaluations, placement [including secondment and transfer], training, and hiring)
・Wage management (including decisions on salaries and lump-sum payments, and payment of retirement benefits)
・Health management (including health checkups and health guidance)
・Welfare benefits (including asset-building savings and discounts on Company products)
・Security management (including crime prevention, disaster prevention, system authentication, and occupational safety and health management)
・Business administration (including business communications, preparation of various reports, and posting to groupware, etc.)

In the event that there is a need to use personal information beyond the extent of the purposes of use indicated or announced in advance, the individual concerned or other related partyshall be notified of such fact and his or her consent obtained prior to such use.

Prohibition of collection, etc. of sensitive information

Personal information that contains the following content shall not be collected, used, or provided.

・Matters concerning ideology, creed, or religion
・Matters concerning race, ethnicity, family origin, domicile of origin (not including information concerning the prefecture in which it is located), physical or mental disability, criminal record, or other matters that could lead to social discrimination
・Matters related to exercise of workers' right to organize, collective bargaining, or other collective action
・Matters related to participation in group demonstrations, exercise of right to petition, or exercise of other political rights
・Matters related to medical care covered by health insurance or sexual activities

Management of personal information

The Company and the MEDIROM Group shall appoint personal information managers and make their roles clear, maintaining an environment in which the manager can carry out activities related to the protection ofpersonal information appropriately.

Provision and entrustment of personal information to third parties

The Company and the MEDIROM Group shall not disclose or provide personal information collected to any third parties except in the following cases:

・With the consent of the individual concerned
・With our service providers and vendors
・Pursuant to laws and regulations
・When necessary to protect human life, health, or property, and it would be difficult to obtain the consent of the individual concerned
・When entrusting the handling of personal information to another party within the scope necessary to achieve the purposes of use
・In cases of succession of business due to merger, spinoff, transfer of business, or other reason. We will notify you with any choices you may have regarding your personal information when we are engaged in a merger, bankruptcy, or corporate reorganization.

Joint use of personal information

The Company may use personal information jointly within the MEDIROM Group for the purposes of general provision of services by the Company and the MEDIROM Group.

・Scope of joint users
MEDIROM, MEDIROM affiliates, and franchisees under contract with MEDIROM and MEDIROM affiliates
・Items of personal information used jointly
Name, address, telephone no., email address
・Purposes of joint use
Providing information on various promotional campaigns, products, and services, and responding to comments and inquiries
・Person responsible for management of personal information
16F, Tradepia Odaiba, 2-3-1 Daiba, Minato-ku, Tokyo
MEDIROM Healthcare Technologies Inc. Privacy Contact Point
E-mail:cs@medirom.co.jp

Optional nature of provision of personal information

Please understand that while provision of personal information is optional, failure to provide the necessary items of information could make it impossible to respond to inquiries, provide services, etc.

Disclosure, etc. of personal information

The Company and the MEDIROM Group will respond to the following requests regarding personal information subject to disclosure (the scope of purposes of use of personal information). Please direct any such requeststo the MEDIROM Privacy Contact Point.

・Requests for notification of purposes of use
・Requests for disclosure
・Requests for correction of content
・Requests for addition or deletion
・Requests for suspension of use
・Requests for suspension of provision to third parties

In principle, requests should be made by the individual concerned by the personal information. In some cases, depending on the content of personal information requests regarding the personal information of personsaged 18 and under must be made by their guardians or similar parties.

Changes, etc. to the Privacy Policy

The Company and the MEDIROM Group may revise the Privacy Policy at any time. The Company and the MEDIROM Group will not curtail the rights of customers under this Privacy Policy without the customers' explicitconsent. Announcement, notification, etc. of any changes to this Privacy Policy will be made in accordance with the Act on the Protection of Personal Information, and efforts to remain in compliance with laws and regulations will continuethereafter.

Communication preferences

If you do not want to receive emails from us, please adjust your communication preferences or click the unsubscribe link within the email you received from us. You will not be able to unsubscribe from service or account related communications as they are necessary for us to continue offering you our services.

Use of Google Analytics

Collection of access logs by the Company

Google Analytics is used for analysis. Google Analytics and cookies are used to collect logs that do not include any personally identifying information.
Logs collected are managed based on Google's privacypolicy.
See the links below for more information concerning Google Analytics and Google's privacy policy.

・Google Analytics ：
http://www.google.com/intl/ja/analytics/
・Google privacy policy：
http://www.google.co.jp/intl/ja/policies/privacy/

Security

To protect your personal information, we take reasonable precautions and follow industry standard practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.You should be aware that, unfortunately, no system can be 100% secure. There will always be a risk that your personal information gets compromised. We also depend on you to keep your account and contact information secure by keeping your password confidential and taking precautions to keep others from accessing your account. Please notify us immediately if you become aware of any unauthorized access to or use of your account.

Children’s privacy

By using this site, you represent that you are at least the age of majority in your jurisdiction of residence, or that you are the age of majority in your jurisdiction of residence and you have given us your consent to allow any of your minor dependents to use this site. Please contact us if you believe we have collected personal information about a child without consent from their parent or guardian so we can take action to prevent such access and to delete their personal information from our databases.

Notice to individuals in California

California law permits California residents to ask us for a notice that identifies the categories of personal information that we share with our affiliates and/or third parties for marketing purposes, and that provides contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to us at the address provided under the “Inquiries” section below.

Do Not Track signals

Currently, we do not monitor or take any action with respect to Do Not Track signals or other mechanisms, which means that we collect information about your online activity both while you are using the our website or services and after you use the website.

Inquiries concerning personal information

Please address any inquiries concerning your personal information or the Privacy Policy in general to the Company's Privacy Contact.

Contact

・MEDIROM Healthcare Technologies Inc. Privacy Contact
・E-mail：cs@medirom.co.jp

Established: April 1, 2016
Revised: October 20, 2020
MEDIROM Healthcare Technologies Inc.