Citizen Watches (H.K.) Ltd. Privacy Policy Statement

Under the belief that it is an important societal responsibility of us to appropriately protect and handle personal information of our customers, clients, stockholders and all other persons concerned who are involved in our business activities.

We, CITIZEN Watches (H.K.) Ltd. (hereinafter referred as “Company”), part of the Citizen Group, pledges to meet fully with the requirements of the Personal Data (Privacy) Ordinance, Chapter 486 of the Laws of Hong Kong (the “Ordinance”). In doing so, the Company will ensure compliance by its staff to the strictest standards of security and confidentiality in respect of all personal information and data submitted by you to the Company and the Company will not release such information to anyone without your prior consent except to the authorized persons listed under the section entitled “Disclosure or Transfer of Data”.

You are strongly recommended to read this privacy policy statement (“Privacy Policy”) carefully to have an understanding of the Company’s policy and practices with regard to the treatment of personal information and data provided by you.
If you have any questions or concerns regarding this Privacy Policy, you may contact the Customer Service Department of the Company through one of the communication channels set out in the “Contact Us” section below.

I. Collection of Personal Data

By providing your personal data to us, you are consenting to this Privacy Policy and to the collection, use, access, transfer, storage and processing of your personal data for the purposes described in this Privacy Policy.

The Company does not actively collect personal data of minors under the age of 16. If you are under 16, you should obtain consent from your parents or guardians before providing the Company with your personal data. If the Company finds out it has unintentionally collected personal data from a minor and consent from the minor’s parents or guardians has not been obtained, we will take steps to delete such personal data collected

II. Purpose of Collection of Personal Data

In the course of using our services, you may disclose or be asked to provide personal data. In order to have the benefit of and enjoy various services offered by the Company and/or its affiliates, it may be necessary for you to provide the Company with your personal data. Although you are not obliged to provide the personal data as requested, the Company may not be able to render certain services to you in the event that you fail to do so.

The Company’s purposes for collection of personal data include but not limited to the following:

(a) for the daily operation of services provided to customers, offline or online;
(b) providing customers with after-sale services (such as for warranty and related services);
(c) identifying customers who have enjoyed and used our services ;
(d) providing customers with marketing and promotional materials for their enjoyment of benefits provided by the Company identifying customers who have enjoyed their benefits as customers by receiving and using marketing and promotional materials;
(e) allowing customers to enjoy their benefits by enrolling for promotional events hosted by the Company and/or its affiliates;
(f) conducting satisfaction surveys with customers and market analysis;
(g) addressing requests or enquiries made by customers;
(h) designing and providing products and services to customers in relation to the above purposes;
(i) facilitating the Company and/ or its affiliates to investigate any disputes (or any potential disputes or claims) arising out of or associated with a required or recommended service provided (or to be provided) by the Company;
(j) enabling the Company to monitor the quality of services provided by its staff and carry out corresponding internal training and/ or disciplinary action where appropriate;
(k) notifying you of any changes to the Websites or to our services that may affect you;
(l) complying with the applicable laws of any jurisdiction; and
(m) any other purposes incidental and directly related to any of the above.

III. Direct Marketing

Where you have given consent and have not subsequently opted out, or where permitted under the Ordinance, the Company may use your personal data for direct marketing carried out by the Company and/or its affiliates via newsletters and various promotional and marketing materials. For such purpose, your personal data may be provided to any of the Company’s affiliates, including its regional offices.

The purposes, uses and treatment of personal data collected for direct marketing purposes will be stated in the relevant Personal Information Collection Statement (“PICS”) provided at the time of collection of such personal data. Suitable measures will be implemented to make available to you the options to “opt out” of receiving any direct marketing materials from the Company.

IV. Use of Websites

1. Cookies and Log Files

Cookies are small pieces of data stored on the computer or other devices when websites are loaded in a browser. To enhance your experience on the Websites, the Company may use cookies to analyze website traffic and personalize website content in the following ways:

(a) recognize you whenever you visit the Websites;
(b) obtain information about your preferences, viewing and browsing behavior, online movements and use of the Internet;
(c) carry out research and statistical analysis to help improve the Company’s services and to better understand users of the Company’s services;
(d) enhance your online experience; and
(e) enable tighter security.

Information obtained by the Company in the manners above may not contain your personal data. Although the Company may obtain information about your computer or other electronic device such as IP address, browser settings, browsing records, referring/exit pages, operating systems, date/time stamp and/or other Internet log information, the Company may not be able to identity you personally. To the extent that non-personal data is combined with personal data, the Company treats the combined data as personal data for the purpose of this Privacy Policy.

By staying on the Websites, you are deemed to have agreed to the use of these cookies and log files. If you want to disallow the use of cookies, you can do so on your own web browser. However, if you do not accept the cookies or withdraw your consent, you may not be able to use some of the functions on the Websites.

Please note that third parties may use cookies too. You should refer to the relevant third parties’ cookies policy, which may be amended from time to time.

2. Links to Other Sites

The Websites may provide links to other websites which are not owned, operated or controlled by the Company. Personal data from you using the Websites may be collected on these other websites when you visit such websites and make use of the services provided therein. Where and when you decide to click on any hyperlink on the Websites which grants you access to another website, the protection of your personal data which are deemed to be private and confidential may be exposed in these other websites.

You by using the Websites are deemed to have consented to the terms of this Privacy Policy. If you gain access to the Websites from external sources, such as your accounts in online social networking tools (including but not limited to Facebook, YouTube and Instagram), you are deemed to have consented to the terms of this Privacy Policy, and personal data which you have provided to those networking tools may be obtained by the Company and be used by the Company and its authorized persons in and outside of your country/region for the purpose of providing services and marketing materials to you. The Company and its authorized personnel may gain access to and use the personal data so obtained, subject to the other provisions of this Privacy Policy.

This Privacy Policy is only applicable to persons utilising the services provided by the Company and/or its affiliates. You are reminded that this Privacy Policy grants no protection to your personal data that may be exposed on websites other than the Websites, and the Company is not responsible for the privacy practices of such other websites. You are strongly recommended to refer to the privacy policy of such other websites.

V. Disclosure or Transfer of Data

The Company agrees to take all practicable steps to keep your personal data collected confidential and/or undisclosed, subject to the following.

Generally speaking, the Company will only disclose and/or transfer your personal data to the Company’s staff for the purpose of providing services to you. However, the Company may disclose and/or transfer such personal data to third parties under the following circumstances:

(a) where the personal data is disclosed and/or transferred to the Company, any third-party suppliers or external service providers who have been duly authorized by the Company to use such personal data and who will facilitate the services, such as warranty and after-sale services provided by the Company and/or its affiliates, under a duty of confidentiality;
(b) where the personal data is disclosed and/or transferred to any agents or affiliates of the Company including its regional offices who have been duly authorized by the Company to use such personal data;
(c) where the Company needs to protect and defend its rights and property;
(d) where the Company considers necessary to do so in order to comply with the applicable laws and regulations, including without limitation compliance with a judicial proceeding, court order, or legal process served on the Company and/or its affiliates; and
(e) where the Company deems necessary in order to maintain and improve the services provided by the Company.

Personal data collected by the Company may be transferred, stored and processed in any country/region in which the Company and/or its affiliates operate. By using the Services, you are deemed to have agreed to, consented to and authorized the Company to disclose and/or transfer your personal data under the circumstances stated above, as well as to any transfer, disclosure and use of personal data outside of your country/region.

VI. Management of Personal Data and Security Measures

All personal data provided by you is only accessible by the authorized personnel of the Company, its affiliates, or its authorized third parties, and such personnel shall be instructed to observe the terms of this Privacy Policy when accessing such personal data. You may rest assured that your personal data will only be kept for as long as is necessary to fulfil the purpose for which it is collected.

The Company follows generally accepted industry standards to protect the personal data submitted by you, both during transmission and once the Company receives it.

If the Company has to transfer any acquired personal data to a third country/jurisdiction, we shall take appropriate protection measures necessary for international data transfer.
However, no method of transmission or storage of data is 100% secure, regardless the data is provided in person, via phone or internet. In addition, the Company’s technical system could not guarantee online security and may not be capable of resisting “tampering” or “computer hacker” invasion. In this connection, Company’s efforts have been made to prevent and minimize unauthorized third-party access and improper use of your personal data.

VII. Rights of Access to Personal Data

We respect your rights to your personal data, and you are entitled to request access to, and/or request us to disclose, correct, discontinue to use, or delete any of your personal data in our possession in accordance with the provisions of the Ordinance.
Please note that all such data access requests should be made using the form specified by the Privacy Commissioner for Personal Data which is accessible from the following link (https://www.pcpd.org.hk/english/publications/files/Dforme.pdf), and are addressed to the Customer Service Department of the Company through one of the communication channels set out in the “Contact Us” section below.

In the event that you wish to access or amend your personal data, the Company may request you to provide personal details in order to verify and confirm your identity. The HKID card number or passport number or business registration certificate number records kept with the Company cannot be amended unless such data is proved to be inaccurate. The Company is required to respond to your requests within 40 days of the request and will endeavour to do so wherever possible.

VIII. Retention of Personal Data

The Company takes all reasonably practicable steps to ensure that your personal data will not be kept longer than is necessary for the fulfilment of the purposes (or any directly related purpose) for which the personal data is or is to be used as indicated in this Privacy Policy, unless the retention is otherwise permitted or required by law.

In the event any law enforcement agency or regulatory body requests that any personal data collected by the Company be preserved for the purpose of an active investigation of a crime, the relevant personal data may be retained until such time when it is collected by the relevant law enforcement agency or regulatory body.

IX. Changes in the Privacy Policy

The Company hereby expressly reserves the right to update, revise, modify or amend this Privacy Policy at any time as the Company deems necessary and you are strongly recommended to review this Privacy Policy frequently. If the Company decides to update, revise, modify or amend this Privacy Policy, the Company will post those changes at the Websites and/or other places the Company deems appropriate so that you would be aware of any updates to this Privacy Policy.

If the Company makes material changes to this Privacy Policy, the Company will notify you on the Websites.

X. Contact Us

For any enquires related to this Privacy Policy, you may contact us by the following methods:

By Post:
Customer Service Department
2/F, 64 Hung To Road, Kwun Tong, Kowloon

By Email:
cs_dept@citizen.com.hk


Citizen Group EU Personal Data Protection Policy

Under the belief that it is an important societal responsibility of us to appropriately protect and handle personal data of individuals living in the European Union (hereinafter referred to as “EU”) region, the Citizen Group (hereinafter referred to as “We” or “we”), a group consisting of Citizen Watch Co., Ltd. and its subsidiaries, hereby establish this EU Personal Data Protection Policy (hereinafter referred to as “this Privacy Policy”), and shall comply with the “Regulation of the European Parliament and of the Council on the Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of Such Data” (hereinafter referred to as “GDPR”) and other laws, regulations and guidelines on protection of personal information in EU as well as our regulations on protection and handling of personal information and this Privacy Policy and make efforts to thoroughly protect, manage and use all of the personal data we acquire and use.

Unless otherwise provided for herein, the terms as used herein shall have the meanings assigned to them in the GDPR and other laws and regulations on protection and handling of personal information in EU.

1. Acquisition of Personal Data

In acquiring any personal data, we shall use a proper and fair means and, except the case where any exceptional handling is permitted by laws and regulations, ask a person identified by the relevant personal data as their owner (hereinafter referred to as “Principal”) to voluntarily provide us with said personal data.

We shall, in receiving any personal data from a Principal, expressly notify him/her of the purpose of use in advance and obtain his/her consent to said purpose of use after explaining that he/she can withdraw said consent at any time, and we shall use said personal data within the scope of the purpose of use he/she has agreed to.


Except the case where we obtain a prior consent of a Principal or where it is permitted by laws and regulations, we shall not acquire any “special categories of personal data.”

2. Purpose of Use of Personal Data

We shall use personal data for the purpose of use of personal data determined by a company which has received said personal data (hereinafter referred to as “Company”).

3. Management of Personal Data

We shall appoint a manager at every section which handles personal data for protection of, manage appropriately and carefully, take necessary and appropriate measures to prevent unauthorized access to, and loss, destruction, falsification and leakage of, and thereby protect, any personal data under our possession.

If we recognize an infringement of any personal data, we shall promptly take necessary measures and properly address it. Additionally, when a Principal having provided any personal data is expected to suffer any damage, we shall notify him/her of necessary information as needed.

4. No Disclosure to a Third Party of Personal Data

Except the case where any exceptional handling is permitted by laws and regulations or by provisions of the relevant Company, we shall not disclose or provide to a third party any personal data we have acquired from a Principal, without his/her consent.

5. Disclosure, Correction, Deletion, etc. of Personal Data under Possession

(1) When a Principal having provided any personal data desires any of the following treatments, please contact a personal information inquiry counter of the relevant Company. According to your rights prescribed in laws and regulations on protection of personal information in EU, we shall appropriately respond to it.

(i) When the Principal desires to gain access to any personal data.
(ii) When the Principal desires to correct any personal data.
(iii) When the Principal desires to delete any personal data.
(iv) When the Principal desires to impose restrictions on handling of any personal data.
(v) When the Principal desires data portability.
(vi) When the Principal desires to raise an objection.
(vii) When the Principal desires not to be covered by the automatic decision-making.

In taking the steps, please submit the following documents by mail or by email.

- An application form for request for disclosure of personal data, etc. as prescribed by the relevant Company
- A document verifying the identity of the Principal as prescribed by the relevant Company

- A document verifying the identity of the proxy as prescribed by the relevant Company

(2) To prevent Principal’s any personal data from being falsified or leaked, etc. by a third party, we shall respond to you by mail or by email only when the Principal’s identification has been confirmed through submitted documents.

While we make efforts to provide prompt response to meet your request, please note that it may take time as we work on confirmation of the registered personal data and on ensuring accuracy of response.

(3) We do not return any request form or verification documents received from a Principal or his/her proxy. Please note that the request form shall be maintained in a proper manner by each Company and the verification documents shall be disposed of by each Company by appropriate means when the purpose of use is completed.

6. Handling of Personal Data of a Person Under 16 Years Old

We protect and treat personal data of a person under 16 years old in equal measures as we protect major individuals' personal data. We shall obtain parental guardian's consent as needed when we receive any personal data from a person under 16 years old.

7. Management of Website

(1) In operating our website, we are taking appropriate systemic and operational security measures, including, but not limited to, the establishment of the server management system and the access restriction, in order to securely manage any personal data.

(2) When individuals contact us via our website, all the data are encrypted and protected by transmission using SSL (Secure Sockets Layer) protocol for safety purpose.

(3) We may use cookies in part of our service on our website. They are used for the purpose of improving the quality of our service with statistical processing of website access information, and will not violate any individuals' privacy.

8. International Transfer of EU Personal Data to Outside EU

If we have to internationally transfer any acquired personal data to a third country outside EU, we shall take appropriate protection measures necessary for international data transfer.




9. Change in EU Personal Data Protection Policy

Please note that contents of this EU Personal Data Protection Policy may be changed as necessary, for the purpose of the protection of personal data or of the response to change in laws and regulations, etc.

10. Inquiries

With respect to inquiries concerning your personal data, please contact a personal information inquiry counter of the relevant Company.

* ‘European Union (EU) region’ means the member state of the European Economic Area (EEA) including EU member states in this privacy policy.

https://www.citizen.co.jp/global/policy/group.html


Should there be any discrepancy between the English and Chinese versions, the English version shall prevail.