Kao Sweden AB
Last revised 22.05.2018

Kao Sweden, Kungsbroplan 3 A, 112 27 Stockholm, Sweden ("Kao Company" or "we" or "our") provides this Vendor/Business Partner Data Protection Notice ("Notice") to explain our practices as the responsible data controller regarding the collection, processing, and use of personal data relating to our vendors, suppliers, and business partners (collectively, "Vendors") and our Vendors' employees.

1.Scope

This Notice applies to you if you are a Vendor of the Kao Company as an individual (e.g., a consultant or sole entrepreneur) or if you are an employee of a Vendor who interacts with the Kao Company on such Vendor's behalf.

2.Categories of Personal Data

he Kao Company collects, processes, and uses the following categories of personal data about you from you or from authorized third parties (e.g., your supervisor, public authorities or public resources) (collectively, "Vendor Data"):

  • Personal data relating to Vendors who are individuals: name, business contact details, services or goods provided or offered, contract details, content of communication (such as email or business letters), payment information, invoice information, and business relationship history
  • Personal data relating to an employee of a Vendor: name, business contact details, employer name, title/position, and content of communication (such as email or business letters)

3.Processing Purposes, Basis, and Consequences

Vendor Data is collected, processed, and used for purposes of performing the contractual relationship with the Vendor (including fulfilling the contractual obligations, invoice processing, communication, and legal and compliance activities), for purposes of marketing and Customer Relationship Management ("CRM") activities, and for security and fraud prevention activities (collectively, "Processing Purposes").

The Kao Company relies on the following legal grounds for the collection, processing, and use of personal data:

  • performance of the contractual relationship with the Vendor;
  • legitimate interest of the Kao Company, other Kao Group companies or other third parties (such as governmental bodies or courts) where the legitimate interest could be in particular group-wide information sharing, marketing and CRM activities, prevention of fraud, misuse of IT systems, or money laundering, operation of a whistleblowing scheme, physical security, IT and network security, internal investigations, or potential merger and acquisition activities;
  • consent;
  • compliance with legal obligations;
  • protection of the vital interests of you or another individual;
  • performance of a task carried out in the public interest or in the exercise of official authority vested in the Kao Company; and

The provision of Vendor Data is necessary for the conclusion and/or performance of the Vendor contract, and is voluntary. However, if you do not provide Vendor Data, the affected Vendor management and administration processes might be delayed or impossible.

4.Categories of Recipients and International Transfers

The Kao Company may transfer your Vendor Data to third parties for the Processing Purposes as follows:

  • Within the Kao Group: Our parent entity, the Kao Corporation, in Japan and each of its affiliates and subsidiaries (each affiliate or subsidiary including us referred to as "Kao Company"; collectively, the "Kao Group") within the global Kao Group receive your personal data as necessary for the Processing Purposes, in particular to conduct periodic reviews to ensure compliance with applicable laws and internal policies, and respond to and comply with requests and legal demands.
  • With certain acquiring or acquired entities: If the Kao Company business with which you have a relationship is sold or transferred in whole or in part or if the Kao Company is acquiring and integrating another entity into the Kao Company business with which you have a relationship (or any similar transaction is being contemplated), your personal data may be transferred to the other entity prior to the transaction (e.g., during the diligence phase) or after the transaction, subject to any rights provided by applicable law, including jurisdictions where the other entity is located.
  • With data processors: Certain third parties, whether affiliated or unaffiliated, may receive your personal data to process such data under appropriate instructions ("Processors") as necessary for the Processing Purposes, in particular to provide IT and other administrative support (e.g., service providers who provide account payable support or IT hosting and maintenance support), comply with applicable laws, and other activities. The Processors will be subject to contractual obligations to implement appropriate technical and organizational security measures to safeguard the personal data, and to process the personal data only as instructed.

Any access to your personal data is restricted to those individuals that have a need-to-know in order to fulfill their job responsibilities. The Kao Company may also disclose your personal data as required or permitted by applicable law to governmental authorities, courts, external advisors, and similar third parties.

International transfers. The personal data that we collect or receive about you may be transferred to and processed by recipients that are located inside or outside the European Economic Area ("EEA"). For recipients located outside of the EEA, some are certified under the EU-U.S. Privacy Shield and others are located in countries with adequacy decisions (in particular, and, in each case, the transfer is thereby recognized as providing an adequate level of data protection from a European data protection law perspective. Other recipients might be located in countries which do not adduce an adequate level of protection from a European data protection law perspective. We will take all necessary measures to ensure that transfers out of the EEA are adequately protected as required by applicable data protection law. With respect to transfers to countries not providing an adequate level of data protection, we will base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission or by a supervisory authority, approved codes of conduct together with binding and enforceable commitments of the recipient, or approved certification mechanisms together with binding and enforceable commitments of the recipient. You can ask for a copy of such appropriate safeguards by contacting us as set out in Section 7 below.

5.Retention Period

Your personal data is stored by the Kao Company and/or our service providers, strictly to the extent necessary for the performance of our obligations and strictly for the time necessary to achieve the purposes for which the information is collected, in accordance with applicable data protection laws. When the Kao Company no longer needs to use your personal data, we will remove it from our systems and records and/or take steps to properly anonymize it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which the Kao Company is subject).

Personal data contained in contracts, communications, and business letters may be subject to statutory retention requirements, which may require a retention of up to 10 years. Any other Vendor Data will in principle be deleted 5 years after the termination of the business relationship between you and the Kao Company.

6.Your Rights

Right to withdraw your consent: If you have declared your consent regarding certain collecting, processing and use of your personal data (in particular regarding the receipt of direct marketing communication via email, SMS/MMS, fax, and telephone), you can withdraw this consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal. Please contact us as stated in Section 7 below to withdraw your consent. Further, you can object to the use of your personal data for the purposes of marketing without incurring any costs other than the transmission costs in accordance with the basic tariffs.

Additional data privacy rights: Pursuant to applicable data protection law you may have the right to: (i) request access to your personal data; (ii) request rectification of your personal data; (iii) request erasure of your personal data; (iv) request restriction of processing of your personal data; (v) request data portability; and/or (vi) object to the processing of your personal data.

Please note that these aforementioned rights might be limited under the applicable local data protection law. Below please find further information on your rights to the extent that the GDPR applies:

  • Right to request access to your personal data: You may have the right to obtain from us confirmation as to whether or not personal data concerning you is processed, and, where that is the case, to request access to the personal data. The access information includes – inter alia – the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipient to whom the personal data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access.
    You may have the right to obtain a copy of the personal data undergoing processing free of charge. For further copies requested by you, we may charge a reasonable fee based on administrative costs.
  • Right to request rectification: You may have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • Right to request erasure (right to be forgotten): Under certain circumstances, you may have the right to obtain from us the erasure of personal data concerning you and we may be obliged to erase such personal data.
  • Right to request restriction of processing: Under certain circumstances, you may have the right to obtain from us restriction of processing your personal data. In this case, the respective data will be marked and may only be processed by us for certain purposes. As the Kao Company processes and uses your personal data primarily for purposes of carrying out the contractual relationship with you, the Kao Company will in principle have a legitimate interest for the processing which will override your restriction request, unless the restriction request relates to marketing activities.
  • Right to request data portability: Under certain circumstances, you may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit those data to another entity without hindrance from us.
  • Right to object:

Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. Such right to object may especially apply if we collect and process your personal data for profiling purposes in order to better understand your interests in our products and services or for direct marketing.

If you have a right to object and you exercise this right, your personal data will no longer be processed for such purposes by us. You may exercise this right by contacting us as stated in Section 7 below.

Such a right to object may, in particular, not exist if the processing of your personal data is necessary to take steps prior to entering into a contract or to perform a contract already concluded.

If you no longer want to receive direct marketing via email, SMS/MMS, fax, and telephone, you need to withdraw your consent as explained above

To exercise your rights please contact us as stated in Section 7 below. You also have the right to lodge a complaint with the competent data protection supervisory authority.

7.Questions and Contact Information

If you have any questions about this Notice or if you want to exercise your rights as stated above in Section 6, please contact us at: Kao Denmark, Lyngbyvej 2, 2100 Copenhagen Ø, Denmark, tel +45 4615 2111.

  • Home
  • Kao Sweden AB.
  • Home
  • Kao Sweden AB.
Page Top