Personal Information Protection Policy

McDonald's Holdings Company (Japan), Ltd.
McDonald's Company (Japan), Ltd.

Personal Information Protection Policy

Based on the Act on the Protection of Personal Information (“Personal Information Protection Act”), McDonald's Holdings Company (Japan), Ltd. and McDonald's Company (Japan), Ltd. set forth the Personal Information Protection Policy (“Policy”) concerning personal information of customers and all other persons who engage in the business activities of McDonald's including the shareholders and employees (collectively “Customers”). This Policy applies to all McDonald's companies.
Also, Customers who use websites, mobile applications, and individual services (collectively “Website”) provided by the McDonald's are deemed as having agreed to this Policy.

Translation from Japanese

• Article 1: Definition 
• Article 2: Management 
• Article 3: Specifying the Purpose of Using Personal Information and Its Use 
• Article 4: Personal Information of Children 
• Article 5: Personal Inforamtion and  Information relating to an Individual 
• Article 6: Shared Use of Personal Information within the Group 
• Article 7: Entrustment of Personal Information 
• Article 8: Third Party Provision 
• Article 9: Rights of Customers 
• Article 10: Policy Revision 
• Contact Information

Article 1: Definition

“Personal information” means information relating to a living individual which falls under any of the following:

1. those containing a name, date of birth or other descriptions etc. stated, recorded or otherwise expressed using voice, movement or other methods whereby a specific individual can be identified (including those which can be readily collated with other information and thereby identify a specific individual)
2. those containing an individual identification code

Article 2: Management

McDonald's establishes a personal information protection management supervisor to ensure strict management of personal information, in compliance with the Personal Information Protection Act and company rules relevant to laws and regulations.
Website applies full security measures to its websites against unauthorized access, data leakage, alteration and/or destruction to protect Customers’ personal information. However, these security measures do not provide protection for data communication between Customers’ PC and Website. Each Customers is responsible for the management of security measures.

Article 3: Specifying the Purpose of Using Private Information and Its Use

McDonald's may use personal information collected from Customers for purposes listed below. In case when personal information is going to be used for programs, campaigns, Customers service or other purposes not listed below, the purpose of use will be specified prior to collecting personal information.

• Provide information and or display/deliver advertisements to Customers about our products, services, and others through websites, email, mobile applications, social network and other communication means
• Provide information to Customers about winning a prize, receiving stamps and other awards through websites, email, mobile applications, social network and other communication vehicles, as well as offering a prize or reward
• Use in statistical data for marketing, product development and service enhancement
• Send requests to participate in surveys for new products sampling or mobile applications to enhance product quality and services as well as other actions relating to surveys
• Notify updates on Website as well as its contents (including recruitment information of employees or part-time employees etc.)
• Offer information on products and services of third party alliance companies
• Deal with applications for employees/part-time employees and franchise owners
• Manage employment and communicate with the employees etc.
• Deal with Customers inquiries, deliver products to Customers and/or communicate with Customers as necessary
• Exercise rights and/or perform obligations by the shareholders
• Create and/or manage shareholders’ data etc.
• Communicate with the shareholders, including sending notice of shareholders meeting or benefits
• Other purposes associated to the abovementioned purposes

The McDonald's uses personal information of Customers only within the scope of purposes specified at the time of collecting such information. In case when a situation requires changes within the boundary that is reasonably recognized as relevant to the said specified purpose of use, this will be notified to Customers or announced on the Website. In case when a situation requires the use of Customers’ personal information outside of the boundary that is reasonably recognized as relevant to the said specified purpose of use, consent will be obtained from Customers before use. Customers’ personal information will not be used for the said purpose in case of refusal to give a consent.

Article 4: Personal Information of Children

McDonald's protects personal information of minors to the same degree as personal information of adult. However, children below 13 years old are recommended to use with a parental guardian and his/her consent when children use McDonald's Website or apply for any programs. Children below 13 years old are discouraged from sending personal information to the McDonald's Website without parental consent.
Children below 13 years old are allowed to participate in free giveaway and each scheme; however, winning notification and prizes may be sent to their parent or guardian. In case when a winner is below 13 years old, consent from his/her parent or guardian will be obtained prior to announcing the above winner’s name, age or photos.

Article 5: Personal Information and Information relating to an Individual

1. Information handled by McDonald's
   Name, date of birth, sex, phone number, address, postal codes, email address, history of purchase, point ID, point usage and other information provided through entry forms.
2. Information collected automatically by use of Website
   Devise information (Devise ID, IP address etc.), log information, Cookie, location information and other informative information (AAID, IDFA etc.)

When a Customers desires discontinuation of use of informative information, please set the restriction for an advertising identifier (opt out) etc. in accordance with the guide described in the following website.
However, if a Customers takes such measures, use of services such as this Website may be restricted and/or a part of features provided through services may be unavailable.

• Set IDFA which is an advertising identifier on iOS device
  [Apple Support Center] http://support.apple.com/kb/HT4228?viewlocale=ja_JP&locale=en_US 
• Set Google Advertising ID which is an advertising identifier on Android device
  [Advertising ID - Google Play Help] https://support.google.com/googleplay/answer/3405269 

Article 6: Shared Use of Personal Information within the Group

Personal information of Customers may be used by the following shared users within the scope of specified purpose of use:

1. Scope of shared users:
   McDonald's Corporation, McDonald's Holdings Company (Japan), Ltd., McDonald's Company (Japan), Ltd., and affiliates and franchisees of these companies.
2. Purpose of use:
   1. Marketing program to merchandise products and/or services
   2. Handle Customers inquiries about products and/or services provided by individual group companies, or to communicate and/or delegate the task to assigned companies
   3. Implement business with Customers in an appropriate and smooth manner
3. Management supervisor of shared use:
   McDonald's Company (Japan), Ltd.

Article 7: Entrustment of Personal Information

1. McDonald's may entrust the handling of personal information by executing a strict personal information protection agreement with a partner company that has an adequate system to protect personal information. In addition, names and addresses etc. may be provided to couriers to deliver products.
2. Entrustment to a Third Party in a Foreign Country
   McDonald's selects business operators in the countries prescribed by the Rule of the Personal Information Protection Commission or business operators establishing the system conforming to the standards prescribed by the Rule of the Personal Information Protection Commission, and obliges necessary matters for personal information protection to the business operators and exercises appropriate supervision by executing strict personal information protection agreements with such business operators.

Article 8: Third Party Provision

McDonald's does not provide Customers’ information to a third party without prior consent of the said Customers, except in cases stipulated in Article 6 (Shared Use of Personal Information within the Group) or Article 7 (Entrustment of Personal Information). However, McDonald's may provide Customers’ information to a third party without prior consent of the said Customers, to the minimum extent necessary, in the following cases:

1. cases based on laws and regulations;
2. cases in which there is a need to protect a human life or fortune;
3. cases in which there is a need to enhance public hygiene or promote fostering healthy children; or
4. cases in which there is a need to cooperate to public organizations such as the police or courts.

Article 9: Rights of Customers

Providing personal information to McDonald's is optional and Customers may choose not to provide such information. However, this may limit the services Customers can receive. Customers may request the personal information protection management supervisor to disclose their personal information provided to McDonald's, and may seek to revise incorrect personal information, if any. Also, Customers may request to delete such information in case of questionable handling by McDonald's.
Please contact the McDonald's Customers Service Desk to disclose, revise or delete Customers’ personal information.

• McDonald's may be unable to disclose Customers’ personal information if (i) the Customers’ identity cannot be confirmed, (ii) the personal information has been already discarded or deleted, or (iii) the disclosure may cause the material impediment to the proper execution of its businesses
• A fee maybe charged for information disclosure.

Article 10: Policy Revision

This Policy may be revised due to changes of collecting personal information and/or purpose of use etc. A new policy will be applied after the revision. Individual Customers will not be notified of a revision of the Policy but it will be announced by updating this page, and therefore it is recommended to visit this page from time to time.

Contact Information

McDonald's Company (Japan), Ltd., Customer Satisfaction Department
Toll-Free 0120-010-916
Inquiry Form https://www.mcdonalds.co.jp/cgi-bin/cservice/form2/form.cgi?ex=1 

2017.09.27