EU PRIVACY NOTICE FOR OUR CUSTOMERS AND OTHER BUSINESS RELATED PERSONAL DATA

1. Who is responsible for processing your data?

K. Mikimoto & Co Ltd is a luxury pearl and jewelry brand. We are committed to respecting your privacy, and this privacy notice explains how we collect, use, disclose, retain and protect your personal data.

For the purpose of the General Data Protection Regulation 2016/679 and any implementing legislation (the "GDPR"), K. Mikimoto & Co Ltd (the “Mikimoto” or "we” or “us" or “our”) will be the data controller responsible for any personal data we process.

Please take the time to read this privacy notice, since it contains important information about the way that we process personal data.

Questions, comments, and requests for information regarding this privacy notice, or our privacy practices in general, are welcomed and should be addressed to The Data Protection Manager. Any queries and requests regarding this privacy notice may be emailed to [email protected] or sent by post to The Data Protection Manager, 179 New Bond Street, London W1S 4RJ.

2. WHAT PERSONAL DATA WE COLLECT AND WHY?

We may source, use and otherwise process your personal data in different ways. In all cases we are committed to protecting your personal data.

In each of the sections listed below, we describe how we obtain your personal data and how we treat it.

2.1 Individual Customers

We collect personal data related to individual customers who purchase our jewelry and use repair, stringing of pearls and other services.

A - Sources of personal data

We may obtain your personal data from the following sources:

a) from you directly
b) from Mikimoto’s affiliates, where we have your permission to access it or are allowed to access it based on lawful grounds (see the list in Annex 1); and/or
c) from third parties (for example, partner organisations or service providers that are assisting us in providing you with a service).

B – What Personal Data Do We Collect and What are our Lawful Bases for it?


Individual Customers

We may use your personal data to:

Our lawful basis for doing so is:

Purpose(s):

Name, personal email address, home address, telephone number, bank details, credit card details, purchase history

Contract

Provide you with our products or services (online and in-store)

VAT records

Legal Obligation

To comply with legislation on tax refunds

Identification information, including passports and driving licences

Legal Obligation

To comply with anti-money laundering legislation where high-value transactions take place

Identification information, including passports and driving licences.

Legal Obligation

To comply with anti-money laundering legislation where high-value transactions take place

Complaints, queries, correspondence with clients, or maintaining your account with us

Legitimate Interest

Account management, Management Reporting (including at an intra-group level), Exercise or defend legal claims

Telephone, email or home address details and your preferences for our direct marketing services (for example, our brochures, e-newsletters and e-promotions)

Legitimate Interest

Promote our goods and services

CCTV images at our premises

Legitimate Interest

Managing security, risk and fraud prevention, Management Reporting (including at an intra-group level)

You may object to us using your personal data in our legitimate interests as stated in the table above, including direct marketing, please let us know using the email address provided in section 1. Where we use your email to communicate marketing information to you we will seek your prior consent, where required to do so by law.

D – How long do we keep your personal data?

We will process your personal data only for as long as is necessary for the purposes for which it was collected in connection with the provision of service to you, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.

2.2 Representatives of our Existing or Prospective Corporate Customers, Business Partners, and Vendors

We may collect personal data related to employees, directors, authorised signatories, or other individuals associated with Mikimoto’s existing or prospective corporate customers (for example, wholesale buyers), business partners (for example, other shops or department stores), and vendors.

A - Sources of personal data

We may obtain your personal data from the following sources:

a) from you directly,
b) from a company that employs you, if you are an employee of our existing or prospective customer, business partner, or vendor,
c) from Mikimoto’s affiliates (see the list in Annex 1),
d) during networking events that we have either hosted, or sponsored, or attended, and/or
e) from publicly available sources (for example, your company website or social media sites).

B - Personal data that we collect and process

We may collect the following categories of personal data relating to our existing or prospective customers’, business partners’, and vendors’ employees, officers, authorised signatories, and other associated individuals:

a) name;
a) business address;
c) business email address;
d) business telephone number;
e) job title;
f) results of internal due diligence exercise (e.g. checking records on Companies House or credit reference sites, obtaining references from suppliers of prospective customers); and/or
g) information contained in company credit check results for companies who are seeking a credit facility.

C - Why do we collect your personal data and what are our lawful bases for it?

Representatives of our Existing or Prospective Corporate Customers, Business Partners and Vendors

We may use your personal data to:

Our lawful basis for doing so is:

Our legitimate interests in doing so are:

Provide you with our products or services or receive products or services from you

Legitimate Interest

Efficiently fulfil our contractual and legal obligations Management Reporting (including at an intra-group level)

Process sales (including online sales and associated)

Legitimate Interest

Efficiently fulfil our contractual and legal obligations

Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communication (for example, our brochures, e-newsletters and e-promotions, e-press release materials and invitations to events we are hosting)

Legitimate Interest

Promote our goods and services Management Reporting (including at an intra-group level)

Open and manage your account with us

Legitimate Interest

Account Management Management Reporting (including at an intra-group level)

Perform customer due diligence checks

Legitimate Interest

Account Management Efficiently fulfil our contractual and legal obligations Management Reporting (including at an intra-group level) Exercise or defend legal claims

Telephone, email or home address details and your preferences for our direct marketing services (for example, our brochures, e-newsletters and e-promotions)

Legitimate Interest

Promote our goods and services

Establish and manage our relationship with you (this covers dealing with complaints or maintaining your account with us)

Legitimate Interest

Efficiently fulfil our contractual and legal obligations Account Management Management Reporting (including at an intra-group level) Exercise or defend legal claims

Secure our premises and systems (this covers our use of CCTV at our premises)

Legitimate Interest

Managing security, risk and fraud prevention Management Reporting (including at an intra-group level)

If you object to us using your personal data for these purposes, including direct marketing, please let us know using the email address provided in section 1. Where we use your email to communicate marketing information to you we will seek your prior consent, where required to do so by law.

D – How long do we keep your personal data?

We will process your personal data only for as long as is necessary for the purposes for which it was collected in connection with your business relationship with us, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.

2.3 WEBSITE VISITORS

A - Sources of personal data

We may obtain your personal data from the following sources:
a) from you directly (for example, when you purchase our goods or services online, or at the time of subscribing to any services offered on our website, including but not limited to e-newsletter and e-promotions); and/or
b) from your device or browser.
If you contact us, we may keep a record of that correspondence.

B - Personal data that we collect and process

a) name;
b) email address;
c) phone number;
d) communication preferences;
e) password;
f) home address;
g) payment details (for example, bank account details, credit card or PayPal details);
h) purchase history;
i) cookie data (for more information please see our Cookie Notice [insert a link here]);
j) preferences regarding online marketing; and/or
k) IP address.

C - Why do we collect your personal data and what are our lawful bases for it?

Website Visitors

We may use your personal data to:

Our lawful basis for doing so is:

Our legitimate interests in doing so are:

Provide our e-commerce services to you, whereby website visitors are able to buy jewelry online

Contract

Provide you with our products or services (online and in-store)

Allow you to participate in interactive features of our website when you choose to do so (including the Contact Us, Schedule Appointment and Newsletter features)

Legitimate interests

Promote our goods and services Account Management

Establish and manage our relationship

Legitimate interests

Understand the market in which we operate
Management Reporting (including at an intra-group level)
Account Management

Learn about our websites(s) users’ browsing patterns and the performance of our website(s)

Legitimate Interest

Account Management Management Reporting (including at an intra-group level)

Perform customer due diligence checks

Legitimate Interest

Website Management

Safeguard the security of our infrastructure and systems

Legitimate Interest

Managing security, risk and crime prevention
Management Reporting (including at an intra-group level)

Let you know about our products, services and events that may be of interest to you by letter, telephone, email or other forms of electronic communication (for example, our brochures, e-newsletters and e-promotions)

Legitimate Interest

Promote our goods and services
Management Reporting (including at an intra-group level)

If you object to us using your personal data for the above purposes, including direct marketing, please send us an email using the email address in section 1. Where we use cookies or similar technologies, we will seek your prior consent where required to do so by law. Where we use your email to communicate marketing information to you we will seek your prior consent, where required to do so by law.

D – How long do we keep your personal data?

We will keep your personal data only for as long as is necessary for the purposes for which it was collected in connection with your requests via our website or your use of our website.

2.4 Visitors to Our Premises

A - Sources of personal data

We may obtain your personal data from you directly and from our systems’ records.

B - Personal data that we collect and process

a) name;
b) business contact details;
c) organisation;
d) role;
e) time and date of your visit]; and/or
f) image (for example, from CCTV cameras at our premises).

C - Why do we collect your personal data and what are our lawful bases for it?

Visitors to our Premises

We may use your personal data to:

Our lawful basis for doing so is:

Our legitimate interests in doing so are:

Security

Legitimate Interest

Managing security, risk and crime prevention

Maintain records of visitors to our premises

Legitimate interests

Management Reporting

If you object to us using your personal data for the above purposes, please let us know using the email address provided in section 1.

D – How long do we keep your personal data?

We keep your personal data for as long as necessary to ensure security of our office visitors and as soon as it is no longer necessary we delete it.

2.5 Users of WiFi

A - Sources of personal data

We may obtain your personal data from you directly and from our systems’ records.

B - Personal data that we collect and process

a) name;
b) email;
c) and/or
d) device used.

C - Why do we collect your personal data and what are our lawful bases for it?

Visitors to our Premises

We may use your personal data to:

Our lawful basis for doing so is:

Our legitimate interests in doing so are:

SProvide our WIFI services to you

Legitimate Interest

Account management
Promote our goods and services

Security

Legitimate interests

Managing security, risk and crime prevention

If you object to us using your personal data for the above purposes, please let us know using the email address provided in section 1.

D – How long do we keep your personal data?

We keep your personal data for as long as necessary for you to use our internet connection

3. WHO DO WE SHARE YOUR PERSONAL DATA WITH

We do not sell your personal data to third parties.

Mikimoto’s Affiliates
We may share your personal data with Mikimoto’s affiliates (see the list in Annex 1).
Our Partner Organisations and Service Providers
We may disclose information about you to organisations that provide a service to us, ensuring that they are contractually obligated to keep your personal data confidential and will comply with the GDPR and other relevant data protection laws.

We may share your information with the following types of service providers:
a) technical support providers who assist with our website and IT infrastructure,
b) our payment solutions providers for processing payments;
c) third party software providers, including ‘software as a service’ solution providers, where the provider hosts the relevant personal data on our behalf;
d) professional advisers such as solicitors, accountants, tax advisors, auditors and insurance brokers;
e) providers that help us generate and collate reviews in relation to our goods and services; and/or
f) our advertising and promotional agencies and consultants and those organisations selected by us to carry out marketing campaigns on our behalf.

Law enforcement or government bodies
We may disclose your personal data as permitted by law in order to investigate, prevent or take action regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of our Terms and Conditions or other agreements, or as required by law.

[Company Mergers and Takeovers
We may transfer your personal data to potential purchasers and their advisors, subject to appropriate confidentiality obligations, in the event we decide to dispose of all or parts of our business.]

4. TRANSFERS OF PERSONAL DATA OUTSIDE THE EU/EUROPEAN ECONOMIC AREA

a) Intra-group transfers

We share your personal data with our affiliates in the EU and outside the EU. International transfers with Mikimoto affiliates outside the EEA (see Annex 1) are governed by EU Commission-approved Standard Contractual Clauses for Controllers and, where relevant, for Processors.

b) Third Party Suppliers

We share personal data with external vendors or service providers or suppliers that we engage to perform services or functions on our behalf and under our instructions. Where these vendors are located within the EU, we ensure that they are contractually obligated to comply with the EU data protection rules. We also ensure in our contracts with these organisations that they only Process Personal Data in accordance with our instructions and in order to provide the agreed services and protect the integrity and confidentiality of your personal data entrusted to them.
We may also disclose personal data to our advisers, consultants, law enforcement and other public authorities (such as tax and social security bodies), the police, prosecutors, courts and tribunals. All these recipients are themselves responsible to comply with the EU data protection rules.
Some of the vendors that we engage to are located outside the European Economic Area. Where the EU Commission did not recognise them as locations providing adequate protection for personal data, we sign the EU Commission-approved contract (so called Standard Contractual Clauses) to protect your data.
You may request a copy of these agreements by contacting us using the email address in section 1.

5. Your Rights

The GDPR provides you with certain rights in relation to the processing of your personal data, including to:

  • Request access to personal data about you (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you, and to check that we are lawfully processing it.
  • Request rectification, correction, or updating to any of the personal data that we hold about you. This enables you to have any inaccurate our outdated information we hold about you corrected.
  • Request personal data provided by you to be transferred in machine-readable format (“data portability”).
  • Request erasure of personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove personal data where you have exercised your right to object to processing (see below).
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you (e.g. if you want us to establish its accuracy or the reason for processing it).
  • Object to the processing of your personal data in certain circumstances. This right may apply where the processing of your personal data is based on the legitimate interests of Company, as explained above.
  • Withdrawal of consent. If we rely on your consent (for example, when setting cookies on your device or for direct marketing), you may withdraw your consent at any time.

These rights listed may be subject to various conditions under applicable data protection and privacy legislation.

If you would like to exercise any of your rights set out above, you can contact us by emailing using the email address in section 1.

If you are unhappy with how we dealt with your request or complaint, you have the right to file a complaint with the Information Commissioner’s Office, the UK data protection supervisory authority.

Annex 1

K. Mikimoto & Co., Ltd, Japan

5-5-4 Chome Ginza Chuoku, Tokyo, Japan

Mikimoto (America) Co., Ltd

680 Fifth Avenue, 6th Floor, New York, NY 10019, USA

Mikimoto Jewelry MFG Ltd

63-20-8 Aobadai, Meguro-ku, Tokyo, Japan

K. Mikimoto & Co., Ltd, Kobe

20-1,4 Chome,Yamamoto-Dori, Chuo-Ku, Kobe, 650-0003, Japan

Mikimoto Pearl Jewellery (HK) Ltd

Sea View Estate - Room 1406, B Block Watson Road, North Point, HONG KONG

K. Mikimoto & Co., Ltd, Paris Branch

8 Place Vendome, 75001 Paris, FRANCE

What day and time works for you?

We need just a little information from you:

What is your communication preference?

What would you like to discuss?

We will follow up with you by email