Last revised Mai 2023
1. Name and address of the Controller and information about our Data Protection Officer
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is: Imprint
For data privacy related questions please contact us at dataprivacy.emea@kao.com
2. Categories of Personal Data and Processing Purposes - What personal data do we process about you and why?
2.1 Metadata
You may use this Website without providing any personal data about you. In this case, we will collect only the following metadata that result from your usage of the Website: browser type and version, operating system and interface, website from which you are visiting us (referrer URL), webpage(s) you are visiting on our Website, date and time of accessing our Website and internet protocol (IP) address.
Your IP address will be used to enable your access to our Website. The metadata will be used to improve the quality and services of our Website and services by analyzing the usage behavior of our users.
2.2 Contact form
On our website, we offer you the opportunity to contact us via a contact form. To be able to process your request, we need the following information from you, which can also include personal data: your email address and message. The provision of further personal data (for example your name) is possible, but not mandatory. The personal data that you provide us in the context of this contact form will only be used to answer your inquiry / contact request and for the associated technical administration. The transfer to third parties does not take place. Your personal data will be deleted as soon as we have processed your request, or you revoke your according consent.
2.3 Newsletter
If you request to receive our newsletter, we process the following information from you, which can also include personal: your email address. The provision of further personal data (for example your name) is possible, but not mandatory. We process such personal data for purposes of providing the newsletter to the extent permitted by applicable law and analyzing your interests for marketing purposes. Salutation and your name are requested in order to provide you with a personalized experience. Additionally, some newsletter will not be sent by the Controller, but by another “Kao company” of the “Kao Group” (in particular Kao Germany GmbH). In this case, this “Kao company” will also receive your email address.
2.4 Salon finder
On our website you have the opportunity to find the nearest salons to your location that offers our products. You have the option of having your location determined by geolocation based on your IP address or by manually entering a postal code or address. There is no storage or linking of your location data with other personal data.
3. Our presences in social media networks
We have various presences in so-called social media networks. We operate the presences with the following providers:
We use the technical platform and services of the providers for these information services. We would like to point out that you use our appearances on social media platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). When you visit our websites, the providers of the social media platforms collect, among other things, your IP address and other information that is available in the form of cookies on your terminal device. This information is used to provide us, as the operator of the accounts, with statistical information about the interaction with us.
The data collected about you in this context is processed by the platforms and may be transferred to countries outside the European Union, in particular the USA. According to their own statements, all of the aforementioned providers maintain an adequate level of data protection equivalent to the former EU-US Privacy Shield and we have concluded the standard data protection clauses with the companies. We do not know how the social media platforms use the data from your visit to our account and interaction with our posts for their own purposes, how long this data is stored and whether data is passed on to third parties. The data processing may differ depending on whether you are registered and logged in to the social network or visit the site as a non-registered and/or non-logged-in user. When you access a post or the account, the IP address assigned to your terminal device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your end device can be used to track how you have moved around the network. Buttons embedded in websites enable the platforms to record your visits to these website pages and assign them to your respective profile. Based on this data, content or advertising can be offered tailored to you. If you wish to avoid this, you should log out or deactivate the "stay logged in" function, delete the cookies present on your device and restart your browser.
As the provider of the information service, we also only process the data from your use of our service that you provide to us and that requires interaction. For example, if you ask a question that we can only answer by e-mail, we will store your information in accordance with the general principles of our data processing, which we describe in this privacy policy. The legal basis for the processing of your data on the social media platform is Art. 6 (1) lit. f GDPR.
To exercise your data subject rights, you can contact us or the provider of the social media platform. To the extent that one party is not responsible for responding or must receive the information from the other party, we or the provider will then forward your request to the respective partner. Please contact the operator of the social media platform directly for questions about the profiling, processing of your data when using the website. For questions about the processing of your interaction with us on our site, write to the contact details provided by us above.
The providers describe what information the social media platform receives and how it is used in their privacy statements. There you will also find information about contact options as well as about the settings options for advertisements.
4. Processing Basis and Consequences - What is the legal justification for processing your personal data and what happens if you choose not to provide it?
We rely on the following legal grounds for the collection, processing, and use of your personal data:
The provision of your personal data is not required by a statutory or contractual obligation. The provision of your personal data is necessary to enter into a contract with us or to receive our services/products as requested by you. The provision of your personal data is voluntary for you.
Not providing your personal data may result in disadvantages for you; for example, you may not be able to receive certain products and services. However, unless otherwise specified, not providing your personal data will not result in legal consequences for you.
5. Categories of Recipients and International Transfers - Who do we transfer your personal data to and where are they located?
We may transfer your personal data to third parties for the processing purposes described above as follows:
International transfers: The personal data that we collect or receive about you may be transferred to and processed by recipients that are located inside or outside the European Economic Area ("EEA"). Recipients outside of the EEA are located in countries with adequacy decisions (in particular, Andorra, Argentina, Canada (for non-public organizations subject to the Canadian Personal Information Protection and Electronic Documents Act), Switzerland, Faeroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Japan, United Kingdom, Uruguay and, in each case, the transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective. Other recipients might be located in countries which do not adduce an adequate level of protection from a European data protection law perspective. We will take all necessary measures to ensure that transfers out of the EEA are adequately protected as required by applicable data protection law. With respect to transfers to countries not providing an adequate level of data protection, we will base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission or by a supervisory authority, approved codes of conduct together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient. You can ask for a copy of such appropriate safeguards by contacting us as set out in Section 7 below.
6. Retention Period - How long do we keep your personal data?
Your personal data will be retained as long as necessary to provide you with the services and/ or products requested by you. Once you have terminated the contractual relationship with us or otherwise ended your relationship with us, we will remove your personal data from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which the Kao Company is subject-e.g., taxation purposes).
Also, we may be required by applicable law to retain certain of your personal data for a period of 10 years after the relevant taxation year. We may also retain your personal data after the termination of the contractual relationship if your personal data are necessary to comply with other applicable laws or if we need your personal data to establish, exercise or defend a legal claim, on a need to know basis only. To the extent possible, we will restrict the processing of your personal data for such limited purposes after the termination of the contractual relationship.
7. Your Rights - What rights do you have and how can you assert your rights?
Please note that these aforementioned rights might be limited under the applicable local data protection law.
Below please find further information on your rights to the extent that the GDPR applies:
To exercise your rights, please contact us as stated under Section 7 below. You also have the right to lodge a complaint with the competent data protection supervisory authority.
If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. You may exercise this right by contacting us as stated in Section 7 below.
Such a right to object may, in particular, not exist if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
8. Cookies
This Website uses cookies. For more information about which cookies we use and how you can manage your cookie settings and disable certain types of tracking, please visit our Cookie Policy.
9. Questions and Contact Information
If you have any questions about this Privacy Policy or if you want to exercise your rights as stated above in Section 5, please contact us at: www.kao.com/global/en/EU-Data-Subject-Request/
10. Others
In the context of the further development of data protection law as well as technological or organizational changes, our privacy policy is regularly reviewed to determine whether it needs to be adapted or supplemented. We will notify you of any such changes, including when they will take effect, by updating the "Last revised" date above or as otherwise required by applicable law.