日本語 | 中国語

Privacy Statement

  • HOME>
  • Privacy Statement

Policy on the Protection of Personal Information at Costco Wholesale Japan, Ltd. (revised edition)

Last Updated: May 2017

*Please note that this document is an unofficial translation and was prepared for reference purpose only. The original release is in Japanese.
This policy on the protection of personal information is intended to explain a policy of Costco Wholesale Japan, Ltd. (hereafter called “our company”) concerning the handling of personal information, and applicable to personal information of all people (both members and non-members; hereafter collectively called “members or the like”) that our company acquires.

Our company’s efforts for the protection of personal information

Our company complies with the Act on the Protection of Personal Information of Japan and the related laws and regulations, and respects the protection of personal information.
The fact that our members or the like can determine whether or not to provide their personal information after being notified about the use of such personal information is important to our company.

You can see detailed explanation of our company’s handling of personal information in each section below.

A. Definition and items of personal information

1. “Personal information” in this policy on the protection of personal information refers to “personal information” that is specified in the Act on the Protection of Personal Information of Japan, and the following information is included in “personal information.”

  1. Information on a living individual that can identify a particular individual (including cases where an individual can be identified by referring other information)
  2. Individual identification code (Individual Number, passport number, driver’s license number, pension number, insurance identification number, face recognition data, fingerprint recognition data, etc.)

2. Personal information that our company acquires includes the following examples.

  1. Name, gender, date of birth, postal address, postal code, phone number, fax number, email address
  2. Name of the place of employment, name of the department, job title, postal address, postal code, phone number, fax number, email address of the place of employment
  3. Credit card information, bank account information
  4. Passport number, driver’s license number, pension number, insurance identification number, other identification card numbers
  5. Product purchase history, service use history, history of communication with websites (browsing history, search history, etc.)
  6. Medical history, result of health checkups/examinations, replies to questions, record of medical care and/or drug prescription, other health information (hereafter called “health information”)
  7. Photographed or recorded individual images or voice
  8. Information on membership (presence/absence of members, admittance/withdrawal history, etc.)

3. “Personal information” does not include “statistical information.”

“Statistical information” is data obtained by extracting common elements for each group or category of products, services, members or the like from information of multiple individuals and quantifying the extracted elements, and does not include information on particular individuals. “Statistical information” is used by our company to understand the trends and the needs of our members or the like, and with such understanding, we can conduct better studies of new products and services, and improve the existing products and services in order to respond to the requests of our members or the like.

B. Acquisition of personal information

1. Our company acquires personal information of our members or the like by legitimate and appropriate means.

Personal information that our company acquires includes not only personal information of our members or the like themselves, but also personal information of their families, etc. that our company indirectly acquires through our members or the like.

2. Our company acquires personal information mainly in the following cases.

  1. When a person is registered as a member of our company, or when a person’s membership of our company is renewed
  2. When a person is registered for our company’s member services, or participates in the services
  3. When a person places an order for, or purchases, our company’s product or service
  4. When a person replies to a questionnaire or the like
  5. When a person visits our company’s warehouse or the like
  6. When a person makes an inquiry on our company’s member services, events or promotional campaigns
  7. When a person fills in a questionnaire or the like at a pharmacy, warehouse, etc.
  8. When a third party other than our company provides personal information on a commissioned basis, or through business succession or joint use

3. Acquisition of special-care required personal information

(1)“Special-care required personal information” refers to personal information comprising the principal’s race, creed, social status, medical history, criminal record, or the fact of having suffered damage by a crime, or other descriptions, etc. as those of which the handling requires special care so as not to cause unfair discrimination, prejudice or any other disadvantages to the principal.

(2)Our company does not acquire special-care required personal information without obtaining the principal’s consent in advance, except in the following cases.

  1. Cases based on laws and regulations
  2. Cases in which there is a need to protect a human life, body or fortune, and when it is difficult to obtain the principal’s consent
  3. Cases in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain the principal’s consent
  4. Cases in which there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining a principal’s consent would interfere with the performance of the said affairs
  5. Cases in which the special-care required personal information is being open to the public by a principal, a central government organization, local government or the like
  6. Cases in which the principal is photographed with a security camera or the like
  7. Cases in which the special-care required personal information is acquired on a commissioned basis, or through business succession or joint use

(3)If our company acquires special-care required personal information of a family of our member or the like from the member or the like, our company obtains the family’s consent in advance in principle.
If a family of the member or the like does not have the ability to determine whether or not to consent due to his/her juvenility, advanced age, illness, etc., or the family of the member or the like has given the member or the like an approval to provision of such special-care required personal information, we may acquire such special-care required personal information with the consent of the member or the like.

C. Purpose of use of personal information

1. Our company uses personal information (for health information, Section 2 shall apply) of our members or the like within the scope of the following purposes.

  1. Response to, or confirmation or recording of an order for our product or service from our member or the like
  2. Delivery of a product purchased by our member or the like
  3. Provision of information on promotions such as an event for our members or the like, a promotional campaign, or a discount, etc. (hereafter called “promotion information”)
  4. Introduction to or provision of a special product or service for our members or the like (hereafter called “member service”) that a third party provides
  5. Conduct of a questionnaire or the like intended to grasp opinions and requests of our members or the like
  6. Payment with a credit card or the like, and automatic withdrawal of an annual membership fee, etc.
  7. Issuance of a warning to our members or the like about product recalls or safety issues
  8. Response to inquiries on product defects, repairs or replacement
  9. Response to inquiries or the like from our members or the like
  10. Analysis of personal information with the aim of planning, developing or proposing a product or service
  11. Use for a purpose that members or the like individually consent
  12. Understanding of the needs of our members or the like so that our company can provide better services
  13. Fulfillment of obligations about contracts that our company conclude with members or the like and maintenance, management, etc. of contracts
  14. Protection of the security of human lives, bodies, properties or other rights of our company, our members, our employees or third parties

2. Our company uses health information among personal information of our members or the like within the scope of the following purposes.

  1. Provision of a dispensing service and medicine information
  2. Provision of information considered as beneficial for health maintenance and promotion, etc.
  3. Insurance claim work
  4. Provision of information to our member’s family or the like for medication
  5. Referral to a medical institution or physician issuing a prescription for the dispensing service and the insurance claim process
  6. Establishment of necessary cooperation with a hospital, clinic, pharmacy, home-visit nursing station, nursing care service provider, etc.
  7. Submission of a dispensing fee bill to an examination and payment agency for insurance claim work
  8. Reply to referral by an examination and payment agency or an insurer for insurance claim work
  9. Production, provision, maintenance, etc. of eye glasses, contact lenses, hearing aids, etc.
  10. Response to inquiries from our members or the like
  11. Study of information analysis, etc. (health information is used in the form of information that is made anonymous in order to prevent the individual from being identified)
  12. Fulfillment of obligations related to a contract that our company concludes with a member or the like, or maintenance, management, etc. of the contract
  13. Protection of the security of human lives, bodies, properties or other rights of our company, our members, our employees or third parties

D. Provision of personal information to a third party

1. Provision to a third party based on consent of the principal

In the following cases, our company may provide personal information of our members or the like to a third party within the scope of “C. Purpose of use of personal information” based on consent of the principal.
(For cases where personal information is provided to the consignee or joint user in association with commissioning or joint use, see “E. Commission of the handling of personal information” and “F. Joint use of personal information.”)

  1. Cases in which our company provides personal information necessary for providing a product or service that our member or the like orders, such as the postal address, email address or phone number of the delivery destination or billing destination, and a product order, to the vendor (sales company), supplier (manufacturing company), etc. of the product that our member or the like purchases
  2. Cases in which our company makes contact, referral, etc. to a vendor, supplier, etc. in order to respond to an inquiry or the like from a member or the like
  3. Cases in which our company provides personal information to a third party on behalf of the principal

    (Examples)
    – Providing personal information that a member or the like needs for applying with a credit card company through our company in order to apply for the issuance of a credit card
    – Providing information on the card number or sales/transaction to a credit card company or personal credit information bureau through our company in association with payment with a credit card
    – Providing personal information necessary for a system development company for automatic withdrawal of an annual membership fee or the like

  4. Cases in which our company provides health information to another hospital, clinic, pharmacy, home-visit nursing station, nursing care service provider, examination and payment agency or insurer or the like in order for the purpose of use indicated in subsection 2 of “C. Purpose of use of personal information”
  5. Other cases in which our company needs to provide personal information to a third party in order to achieve the purpose of use indicated in “C. Purpose of use of personal information”
  6. Cases in which our company provides personal information to a third party in a foreign country for any of the reasons 1) to 5) above
  7. Cases in which our company commissions the handling of personal information to a third party in a foreign country as indicated in “E. Commission of the handling of personal information”
  8. Cases in which our company jointly use personal information with a third party in a foreign country as indicated in “F. Joint use of personal information”
  9. Cases in which a member or the like individually consents to provide personal information to a third party
    (* “A foreign county” in subsections 6) to 8) above includes the countries/regions where our domestic and overseas group companies are located, which are posted on our company’s website [http://www.costco.co.jp/p/aboutcostco/worldwide], as well as Singapore. In addition, our company may provide personal information to a third party in foreign countries other than these in association with the use of cloud services, etc.)

2. Provision to a third party in cases where such provision is based on laws and regulations, etc.

In the following cases, our company may provide personal information to a third party without consent of the principal.

  1. Cases based on laws and regulations
  2. Cases in which there is a need to protect a human life, body or fortune, and when it is difficult to obtain the principal’s consent (for example, a case where an accident occurs with a product that our member or the like purchases, the manufacturer requests a recall, and our company provides information of the contact, etc. of the member or the like purchasing the product to the manufacturer)
  3. Cases in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain the principal’s consent
  4. Cases in which there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining a principal’s consent would interfere with the performance of the said affairs

E. Commission of the handling of personal information

1. In association with the commission of the handling of personal information of our members or the like to an external contractor, our company may provide personal information to the commissioned contractor. In doing so, we will select an appropriate contractor, and instruct and supervise the contractor to ensure that the commissioned handling of personal information is securely managed.

2. Cases where our company commissions the handling of personal information to an external contractor include the following.

  1. Commissioning of inputting, management and processing of personal information data
  2. Commissioning of the delivery of products
  3. Commissioning of the sending of direct mail
  4. Commissioning of the transmission of electronic mail
  5. Commissioning of the analysis of personal information for planning, developing and proposing member services
  6. Commissioning of the payment clearance work for annual membership fees, etc.
  7. Response to, confirmation and recording of orders from members or the like for products or services

F. Joint use of personal information

Our company may jointly use personal information of our members or the like with our domestic or overseas affiliate as indicated below, within the scope of “C. Purpose of use of personal information.”

  1. Items of personal information to be jointly used
    – Personal information indicated in “A. Definition and items of personal information”
  2. Scope of joint users (affiliates)
    Our domestic and overseas group companies posted on our company’s website (http://www.costco.co.jp/p/aboutcostco/worldwide)
  3. SPurpose of joint use
    Purpose of use indicated in “C. Purpose of use of personal information”
  4. Personal information manager
    Our company’s person in charge of personal information

G. Provision of personal information accompanied with business succession

Accompanied with a merger, divestiture, business transfer, operating asset transfer and other business succession (hereafter called “business succession”), our company may provide personal information that our company holds to the other party to the business succession.
In addition, in the course of negotiations that precede the business succession, our company may provide personal information to the other party to the business succession after taking an action for appropriate information management.

H. Safety control measures

Our company pursues safety control measures in order to protect personal information from being lost, abused or falsified while the information is under control of our company. Personal information that our company collects is electronically stored and may be combined with other member information. Our company seeks to take technical, contractual, administrative and physical measures to protect personal information from unauthorized access.

I. Handling specific to on-line

1. What are cookies? Is it necessary to acknowledge cookies?

Cookies are small files that are stored in computers of our members or the like. Our company uses cookies in “costco.co.jp” in order to optimize histories of our members or the like. The costco.co.jp website does not store any personal information using cookies. Our members or the like have the option not to choose cookies for browsing “costco.co.jp.”

2. On-line links to other websites

Any of our members or the like can link to a website of a third party that agrees to provide their products and services to our members or the like through the other selected parts of our member services and our company’s website. Personal information that our member or the like provides on such linked page is directly provided to such third party, and a privacy policy of the third party will be applied. Except for the cases indicated above, our company will not assume responsibility for the contents, privacy and security operation and policy of the websites that our company links. The links from our company’s website to third-party sites and other sites are provided for convenience of our members or the like. We recommend that our members or the like become acquainted with any such third-party’ handling of and policy for personal information protection and security before providing their personal information to the third party.

3. Retention of information that our company collects on-line

The information that our company automatically collects as a result of on-line activities of members or the like is generally not retained in a manner that the individual can be identified. If such information enables the identification of an individual, our company will retain the information for only a period required to conduct a study or analysis concerning our company’s website. However, this does not apply to information required to investigate fraud or problems related to specific transactions and events.

4. Use of Google Analytics

Our site uses Google Analytics in order to provide a better homepage by grasping the usage status. Although Google Analytics collects information on the usage status using cookies, such information does not include information that identifies a particular individual. For Google Analytics, visit the website of Google Analytics (http://www.google.co.jp/analytics/). To provide better services, our company uses data on Google’s interest-based advertisements and third-party user data (e.g., age, gender, and interest) with Google Analytics.

J. Disclosure, correction, utilization cease, etc. of personal information

Our company responds to our members or the like’s requests for notification of the purpose of use of their personal information, disclosure of such information, correction of the content, addition, deletion, utilization cease, erasure, ceasing a third-party provision, etc. (hereafter “requests for disclosure or the like”), in accordance with the following procedures.

1. Contact for requests for disclosure or the like

Requests for disclosure or the like will be accepted only if they are made by the principal or his/her agent (only in cases where the agent’s authority is confirmed) at a membership counter of our company’s warehouses in Japan.

2. Format of a form to be submitted for a request for disclosure or the like, and other methods for receiving requests for disclosure or the like/h4>

Our company responds to requests for disclosure or the like only in the form of writing.
To protect personal information from fraud, our company will not respond to requests made by postal mail, facsimile, telephone or email.

3. Method for confirming that the person making a request for disclosure or the like is the principal or his/her agent

Any request for disclosure or the like requires a driver’s license, a passport or other identification card with a face photo. In case of a member, a Costco membership card is also required.

K. Change of the policy on the protection of personal information

Our company reserves the right to change this personal information protection policy at any time. Our company recommends that our members or the like read our company’s personal information protection policy in order to accurately understand how provided personal information will be used.

L.Contact

For questions, inquiries, communications, etc. concerning this personal information protection policy and the handling of personal information of our members or the like, please contact the following.

Personal Information Protection Manager, Costco Wholesale Japan, Ltd.
5F 3-1-4, Ikegami-Shincho, Kawasaki Ku, Kawasaki City, Kanagawa Prefecture
210-0832, Japan
Phone: 044-281-2600 (mail phone number)
Email address: info@costco.co.jp