1.1 The Company, whose registered office is located at Rue du Cerf, 127 – 1332 Genval (Belgium), collects and uses certain Personal Data. The Company is required to ensure that it uses such Personal Data in accordance with the laws and regulations in force regarding the protection of personal data.
1.2 We respect the confidentiality of all your Personal Data and are committed to protecting it. This Policy governs how the Company handles Personal Data in the course of its business activities.
1.3 For the purposes of this Policy, the following terms shall have the meanings set out below:
“Personal Data” means data relating to a living individual who is identified or can be identified, directly or indirectly, from such data, alone or in combination with other information currently or potentially in the Company’s (or its representatives’ or service providers’) possession. In addition to factual information, Personal Data includes any opinion expressed about the data subject as well as any intention expressed about the data subject by the Company or another person.
2.1 This Policy covers different categories of information about you collected in the course of providing our products and services, namely :
(A) Information we receive via our websites;
(B) Information we receive in the course of our business;
(C) Information we receive in the course of manufacturing and selling our products.
In the course of its activities, the Company is often required to obtain Personal Data about you in order to perform the services or obligations to which it is contractually bound. To carry out each activity, the Company collects and processes the following Personal Data about you:
4.1 Your Personal Data may be stored and processed by us in the following manner and for the following purposes:
– continuous evaluation and improvement of the information provided on our websites, to ensure their user-friendliness and to prevent any risk of disruption or cyber-attacks ;
– considering a request you have made to us, where appropriate;
– establishing the customer base for our business;
– setting up user accounts;
– statistical monitoring and analysis of current attacks on devices and systems; continuous adaptation of the security solutions implemented in this respect;
– analysis of the opinions given on our products or services; increased accessibility of the proposed information on the use of these products and services;
– communication with you, with a view to providing you with services or information about our business, our company and our products;
– in-depth threat analysis;
– understanding your needs and interests;
– management and administration of our business;
– compliance with applicable laws and regulations and internal policies and procedures (and controls to assess such compliance); or
– administration and maintenance of databases storing Personal Data.
4.2 We will, however, ensure that any use of Personal Data is in accordance with applicable laws and regulations. These laws and regulations authorise us and, in certain cases, require us to use the Personal Data collected. These cases include the following:
– Such use is necessary to enable us to perform our contractual obligations to customers;
– you have given your consent to such use;
– we need to fulfill legal or regulatory obligations;
– we need to establish, exercise or defend our rights under the law or to take legal action;
– the use of your Personal Data is necessary to serve our legitimate business interests, including allowing us to :
– effectively manage and administer our business;
– ensure compliance with our internal policies and procedures;
– monitor the use of our copyrighted materials;
– provide quick and easy access to information about the Company, its activities and products;
– provide optimal and up-to-date security solutions for mobile devices and computer systems; and
– to deepen our knowledge of current network security threats in order to update our security solutions and bring them to market.
4.3 We undertake to take the necessary measures to ensure that Personal Data is only accessible to Company employees with a need to know for the purposes set out in this Policy.
5.1 We may disclose your Personal Data within the Suntory Group for the purposes set out above.
5.2 We may also disclose your Personal Data outside the Suntory Group for the following purposes:
– to our business partners. These may include, but are not limited to, those from whom you or your company/company purchased our products. Your Personal Data will only be transferred to business partners who are contractually bound to comply with an appropriate data protection obligation, as well as with privacy and data protection legislation;
– to third party agents or service providers who are responsible for providing services to us (such as accounting firms, consultants, IT and communications service providers or the Company’s debt collectors). These third parties will be subject to adequate data protection obligations and will only use your Personal Data within the limits set out in this Policy;
– to the extent required by law and regulations, to administrative or judicial authorities, for example if we are required to disclose your Personal Data pursuant to a legal obligation (including, but not limited to, tax reporting obligations and responding to requests for information from supervisory authorities), or for the purpose of establishing, exercising or defending our rights;
– to a potential purchaser, in connection with the audit performed prior to the disposal of a business or assets; and
– to the third party acquirer, in the context of a third party takeover of the Company.
6.1 Our Company is a multinational corporation. Our customers and operations are based all over the world. The collection and transfer of Personal Data by us is therefore global. As a result, we may transfer your Personal Data outside your country of residence.
6.2 If your Personal Data is transferred to a country outside the EEA, we will ensure that your data is protected and transferred in accordance with legal requirements. For data transferred outside Europe, for example, this protection is implemented by at least one of the following means:
– the country to which we send your data is approved by the European Commission as providing an adequate level of protection for Personal Data;
– the recipient has signed a contract incorporating “standard contractual clauses” approved by the European Commission, which imposes an obligation to protect your Personal Data;
– if the recipient is located in the United States, it may be certified under the EU/US Data Protection Shield; or
– in other cases, the law may allow us to otherwise transfer your Personal Data outside of Europe.
6.3 For more information about how your Personal Data is protected when transferred outside Europe (including a copy of the standard contractual terms that we have in place with the recipients of your Personal Data), please contact us using the contact details set out in paragraph 10 below.
7.1 We have implemented measures to ensure the security of our Personal Data and information systems. Different protection is applied to customer files depending on the sensitivity of the information they contain. Adequate means of control (e.g. restricted access) are implemented on our computer systems. Only our authorized employees have access to the premises used for the collection, processing or storage of Personal Data.
7.2 At the time of hiring, our employees undertake to comply with all applicable laws and regulations, including data protection legislation. Access to Sensitive Personal Data is limited to those employees who need to know it in order to perform their duties. Any unauthorized use or disclosure of the Company’s confidential information by an employee is strictly prohibited and may result in disciplinary action.
7.3 If you contact us about your case, you may be asked for certain Personal Data for authentication purposes. This type of protection measure is intended to ensure that only you – or failing that, a person authorised by you – have access to your file.
8.1 The retention period of your Personal Data is variable and will be set according to the following criteria:
– purpose of use: e.g. if there is a contractual agreement between us, we will need to retain your Personal Data for the duration of the agreement in order to fulfil our obligations under the agreement; and
– legal or regulatory framework: the minimum retention period of your Personal Data may be set by law or regulation.
9.1 When we collect, use or store your Personal Data in one of the ways listed above, you may have a number of rights, which in most cases are free of charge.
These include the following rights:
– the right to information concerning the processing of your Personal Data and the right of access to the Personal Data we hold about you ;
– the right to revoke at any time the consent given to the processing of your Personal Data. Please note that we may nevertheless be entitled to continue processing your Personal Data if there is another legitimate reason to do so. For example, we may need to retain Personal Data to comply with a legal obligation;
– in some cases, the right to receive certain Personal Data in a structured, commonly used, computer-readable format and/or to request that your Personal Data be transferred to a third party, provided that this is technically feasible. Please note that this right only applies to Personal Data that you have provided directly to the Company.
– the right to request the rectification of your Personal Data if it is inaccurate or incomplete;
– in certain circumstances, the right to request the deletion of your Personal Data. Please note that in certain circumstances, we may be legally entitled to retain your Personal Data even though you request us to delete it.
– the right to object to the processing of your Personal Data and the right to request a limitation of such processing in certain cases. Again, please note that in certain cases we may be legally entitled to process your Personal Data or not to limit such processing despite a request to the contrary from you.
– the right to lodge a complaint with the competent data protection supervisory authority if you believe that we have infringed any of your rights.
– the right to give us instructions concerning the processing of your Personal Data after your death.
9.2 You may exercise your rights by contacting us using the contact details set out in paragraph 10 below.
10.1 If you have any questions or complaints about the Company’s processing of your Personal Data or about this Policy, please contact our Data Protection Officer at the following address:
Email address: GDPR.Info@suntory.com
As a general rule, we are able to provide a quick and satisfactory solution to questions or complaints relating to the protection of personal data. However, if you are not satisfied with the answer you receive from our Data Protection Officer, you can refer your questions to the competent supervisory authority in your country. On request, our Data Protection Officer will provide you with the contact details of this authority.
For any other questions, the designated Primary Competent Authority for the Company can be contacted by mail at the following address CNIL, Commission nationale de l’informatique et des libertés, 3 place de Fontenoy – 75007 Paris.
In Belgium, you may also contact the Data Protection Authority located at Rue de la Presse, 35, 1000 Brussels, Belgium.