Ryohin Keikaku Europe Limited
We take your privacy very seriously. Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal information when you use this website or otherwise provide your data to us, including when you sign up to receive MUJI Mail, purchase a product, register an online account, or when we do business with your employer.
This website is not intended for children.
It is important that you read this privacy notice together with any other notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
It also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a complaint.
We collect, use and are responsible for certain personal information about you. When we do so we are subject to data protection legislation and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
It would be helpful to start by explaining some key terms used in this notice:
|We, us, our
|Ryohin Keikaku Europe Limited
Bedford House, 21a John Street, London WC1N 2BF
And companies within the Muji group, as set out below
|Muji group (our ‘Group’)
|Ryohin Keikaku Co., Ltd; MUJI EUROPE HOLDINGS LTD.; Ryohin Keikaku France SAS; MUJI ITALIA S.p.A.; MUJI Deutschland GmbH; MUJI SPAIN, S.L.; MUJI PORTUGAL, LDA; MUJI Sweden Aktiebolag; MUJI Switzerland AG; MUJI Finland Oy; Muji Denmark ApS
|Personal data or personal information
|Any information relating to an identified or identifiable individual
|Special category personal information
|Personal information revealing racial or ethnic origin, political opinions, We will not retain your personal information for longer than necessary for the purposes set out in this notice. Different retention periods apply for different types of personal information. Further details on this are available in our retention notice, which is available on request
Religious beliefs, philosophical beliefs or trade union membership
Genetic and biometric data
Data concerning health, sex life or sexual orientation
|References in this notice to ‘customers’ include customers of companies within the Muji Group
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
1. The data we collect about you
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
• Identity Data includes first name, last name, username or similar identifier, marital status, title, date of birth and gender.
• Contact Data includes billing address, delivery address, email address and telephone numbers.
• Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
• Professional Data includes your professional interests and your professional online presence e.g. LinkedIn profile.
• Verification Data includes data required to enable us to check and verify identity and to enable us to undertake credit or other financial checks on customers
• Technical Data includes internet protocol (IP) address, your account login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
• Account Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
• Usage Data includes information about how you use our website and products.
• Marketing and Communications Data includes your preferences in receiving marketing from us and your preferred method to receive such marketing communications.
• CCTV Data includes CCTV and video images of you when you visit our stores.
We also collect and use Aggregated Data such as statistical or demographic data. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any Special Categories of Personal Data about you.
If you fail to provide personal data
Where we need to collect personal data by law, or where we need personal data so that we can enter into or perform a contract with you to provide our products and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods). In this case, we may have to cancel an order you have made with us but we will notify you if this is the case at the time
2. How your personal information is collected
We collect most of this personal information directly from you—in person, by telephone, text or email and/or via our website. However, we may also collect information:
• from publicly accessible sources, e.g. Companies House or HM Land Registry;
• directly from a third party, e.g.:
— from a Group company;
— sanctions screening providers;
— credit reference agencies;
— customer due diligence providers; or
— your employer.
• from a third party with your consent, e.g. from your bank or building society;
• via our IT systems, e.g.:
— door entry systems and reception logs; and
— automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems.
3. How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
• Where we need to perform the contract we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation.
Click here to find out more about the types of lawful basis that we will rely on to process your personal data:
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
4. Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|Lawful basis for processing including basis of legitimate interest
|To register you as a new customer
|Performance of a contract with you
|To provide products and to process and deliver your order including to:
(a) manage payments, fees and charges
(b) collect and recover money owed to us
|(a) performance of a contract with you
(b) necessary for our legitimate interests (to recover debts due to us)
|To manage our relationship with you which will include:
(b) asking you to leave a review or take a survey
|(a) performance of a contract with you
(b) necessary to comply with a legal obligation
(c) necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
|To enable you to partake in a prize draw, competition or complete a survey
|Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
|(a) necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) necessary to comply with a legal obligations
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
|Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
|To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
|Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
|To make suggestions and recommendations about products or services that may be of interest to you
|Necessary for our legitimate interests (to develop our products/services and grow our business)
|To prevent and detect fraud against you, us or a company within our Group
|For our legitimate interests or those of a third party, i.e. to minimise fraud that could be damaging for us and for you
|Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies
|To comply with our legal and regulatory obligations
|Ensuring business policies are adhered to, e.g. policies covering security and internet use
|For our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures so we can deliver the best products/services
|Operational reasons, such as improving efficiency, training and quality control
|For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best products/services
|Ensuring the confidentiality of commercially sensitive information
|For our legitimate interests or those of a third party, i.e. to protect trade secrets and other commercially valuable information to comply with our legal and regulatory obligations
|Preventing unauthorised access and modifications to systems
|For our legitimate interests or those of a third party, i.e. to prevent and detect criminal activity that could be damaging for us and for you to comply with our legal and regulatory obligations
|Updating and enhancing customer records
|For the performance of our contract with you or to take steps at your request before entering into a contract to comply with our legal and regulatory obligations
For our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our customers about existing orders and new products
|Ensuring safe working practices, staff administration and assessments
|To comply with our legal and regulatory obligations for our legitimate interests or those of a third party, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you
|Marketing our services and those of selected third parties to:
— existing and former customers;
— third parties who have previously expressed an interest in our services; and
— third parties with whom we have had no previous dealings
|For our legitimate interests or those of a third party, i.e. to promote our business to existing and former customers
|Credit reference checks via external credit reference agencies
|For our legitimate interests or those of a third party, i.e. to ensure customers are likely to be able to pay for products
|External audits and quality checks, e.g. for ISO or Investors in People accreditation and the audit of our accounts
|For our legitimate interests or a those of a third party, i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards to comply with our legal and regulatory obligations
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased goods from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any company outside the Muji Group of companies for marketing purposes.
You can ask us to stop sending you marketing messages at any time by:
• following the opt-out links on any marketing message sent to you; or
• by contacting us at any time.
You can also request to opt-in or to opt-out to receiving MUJI Mail on your online account.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We routinely share personal information with:
• companies within our Group;
• third parties we use to help deliver our products and services, e.g. payment service providers, warehouses and delivery companies;
• other third parties we use to help us run our business, e.g. marketing agencies or website hosts;
• third parties approved by you:
— e.g. social media sites you choose to link your account to or third party payment providers;
— and our email marketing provider, Klaviyo, to which you consent to us tailoring our marketing communications with you. With your consent, we shall only share the following data: your name, your email address, products recently viewed by you, products placed in your basket while on our site.
• credit reference agencies;
• our insurers and brokers; and
• our bank/s.
We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us, our Group or to you. We may also share personal information with external auditors, e.g. in relation to ISO or Investors in People accreditation and the audit of our accounts.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
Where your personal information is held
Information may be held at our offices and those of our Group companies within our Group, third party agencies, service providers, representatives and agents as described above (see above:"We routinely share personal information with").
Some of these third parties may be based outside the UK and the EU. For more information, including on how we safeguard your personal information when this occurs, (see below:'Transferring your personal information out of the UK and the EU').
How long your personal information will be kept
We will not retain your personal information for longer than necessary for the purposes set out in this notice. Different retention periods apply for different types of personal information. Further details on this are available in our retention notice, which is available on request.
Transferring your personal information out of the UK and the EU
To deliver goods and services, it is sometimes necessary for us to share your personal information outside the UK and the EU, e.g.:
• with our offices or other companies within our Group located outside the UK or the EU;
• with your and our service providers located outside the UK or the EU;
• if you are based outside the UK or the EU; or
• where there is an international dimension to the goods/services we are providing.
These transfers are subject to special rules under data protection law. This means we can only transfer your personal information to a country or international organisation outside the UK or the EU where:
• the countries to which your data is transferred are deemed to provide an adequate level of protection for personal data;
• there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or
• a specific exception applies under data protection law.
If you would like further information about data transferred outside the UK, please contact us (see "How to contact us" below).
You have the following rights, which you can exercise free of charge:
|The right to be provided with a copy of your personal information (the right of access)
|The right to require us to correct any mistakes in your personal information
|To be forgotten
|The right to require us to delete your personal information—in certain situations
|Restriction of processing
|The right to require us to restrict processing of your personal information—in certain circumstances, e.g. if you contest the accuracy of the data
|The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
|The right to object:
(a) at any time to your personal information being processed for direct marketing (including profiling);
(b) in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests.
|Not to be subject to automated individual decision making
|The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
If you would like to exercise any of those rights, please:
• email, call or write to us—see below:‘How to contact us’; and
• let us have enough information to identify you;
• let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
• let us know what right you want to exercise and the information to which your request relates.
Keeping your personal information secure
We have appropriate security measures to prevent personal information from being accidemation to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
We hope that we can resolve any query or concern you may raise about our use of your information.
Data protection law also gives you right to lodge a complaint with a supervisory authority with a supervisory authority, this may be where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/make-a-complaint/ or by telephone: 0303 123 1113.
Changes to this privacy notice
This privacy notice was published on 25/05/2018 and last updated on 12/11/2021.
We may change this privacy notice from time to time—when we do we will inform you via our website.
How to contact us
Please contact us by post, email or telephone if you have any questions about this privacy notice or the information we hold about you.
Our contact details are shown below:
|Our contact details
|Bedford House, 21a John Street, London WC1N 2BF