fbpx

A. Overview of legal documents for setting up and managing company websites

Each Fujifilm group company collects, processes and uses certain personal data of its website visitors. As stipulated in section C.3. of the internal Data Protection Policy applicable to your entity, managers and other personnel that are responsible for setting up and managing websites must ensure that personal data is collected, processed and used in accordance with applicable law and with Fujifilm’s standard requirements and appropriate service and privacy terms that provide the necessary transparency to the user about the collection, processing and use of his or her data. This also includes the use of cookies and other tracking technologies (e.g. Google Analytics/ Tags, Marketo, Eloqua, etc).

Fujifilm provides two different documents for this purpose:

  • The Fujifilm Standard Privacy Policy with instructions how to adapt the standard privacy policy for your business, how to install the privacy policy and the legal notice (imprint) on your website; and
  • This Fujifilm E-Commerce Policy with instructions for collecting data for direct marketing purposes, integration of the standard privacy policy into your website processes, direct marketing in general, dealing with existing customer data and including cookie disclaimers.

Scope
Please note that websites must comply with all applicable laws. This document and the Fujifilm Standard Privacy Policy address the new GDPR, EDPB Guidelines 05/2020 as well as existing EU Cookie Directive and ePrivacy Directive requirements and for entities marketing to residents in Germany, Austria and/or Switzerland, additional rules for obtaining consent (so called “double opt in”) but it is not a complete compliance checklist for websites/ all e-commerce activities.

Translation
A separate document containing the Fujifilm standard consent declaration and Fujifilm standard cookie wording set out in this Fujifilm E-Commerce Policy in English is already available and shared with this document. Translations of that document in your local languages will be available shortly.

B. Consent declaration

Collecting data for direct marketing purposes requires consent of the data subject. Consent of the data subject means that an individual agrees to processing his or her personal data by way of a freely given, specific, informed and unambiguous indication. Consent must be obtained beforesending newsletter or other marketing communications.

The Fujifilm standard consent declaration consists of a tick box, information about the intended purpose, the Fujifilm entity that is collecting the personal data, information about the possibility to object to the newsletter or other marketing communication and a reference/link to your privacy policy.

Example

  • Yes, I’d like to receive more information regarding FUJIFILM products and services via e-mail (e.g. by newsletter or other marketing communication). I agree that FUJIFILM My Photobook South Africa (Pty) Ltd can use my contact data in accordance with its Privacy Policy to inform me about FUJIFILM products and services by e-mail. I can at any time withdraw my consent by using the ‘unsubscribe’ link in any newsletter or other marketing communication or by e-mail to [email protected]/[email protected]). More about FUJIFILM My Photobook South Africa (Pty) Ltd and our Privacy Policy can be found here.

Legal requirements for use of Fujifilm standard consent declaration (general checklist)

1. The Fujifilm website must make clear which legal entity is responsible for the use of data.
2. Consent must always require active clicking of tick boxes (not pre-ticked).
3. There must be clear indication that the user may at any time withdraw his/her consent. (Sentence: I can at any time withdraw my consent by using the ‘unsubscribe’ link in any newsletter or other marketing communication or by e-mail to [email protected]/[email protected])
4. There must be a clear reference to the privacy policy and a link to the privacy policy provided.
5. Ensure from a technical perspective that the consent is recorded and that you can prove that customer gave consent by ticking the box.
6. Only send newsletters/other marketing communications to customers that have given consent.

C. Integration into website

1. Stand-alone solution
In a stand-alone solution the customer subscribes for a newsletter/ other marketing communication without any other activity like creating a customer account or placing an order.

Requirements for stand-alone solution: field(s) and Fujifilm standard consent declaration

Example
E-Mail*
*required

  • Yes, I’d like to receive more information regarding FUJIFILM products and services via e-mail (e.g. by newsletter or other marketing communication) regarding your products/services:-
    6.1.1. Teleradiology;
    6.1.2. Vendor Neutral Archive;
    6.1.3. Picture Archiving and Radiology Systems (PACS/RIS);
    6.1.4. Photobooks;
    6.1.5. Fujifilm Online Store and Social Media.

I agree that FUJIFILM My Photobook South Africa (Pty) Ltd can use my contact data in accordance with its Privacy Policy to inform me about FUJIFILM products and services by e-mail. I can at any time withdraw my consent by using the ‘unsubscribe’ link in any newsletter or other marketing communication or by e-mail to [email protected]/[email protected]. More about My Photobook South Africa (Pty) Ltd and our Privacy Policy can be found here.

Optional: You can also include the fields “first name” and “last name”, however they should not be marked required.

Example

First name
Last name
E-Mail*
*required

  • Yes, I’d like to receive more information regarding FUJIFILM products and services via e-mail (e.g. by newsletter or other marketing communication). I agree that FUJIFILM My Photobook South Africa (Pty) Ltd can use my contact data in accordance with its Privacy Policy to inform me about FUJIFILM products and services by e-mail. I can at any time withdraw my consent by using the ‘unsubscribe’ link in any newsletter or other marketing communication or by e-mail to [email protected]/[email protected]. More about FUJIFILM  My Photobook South Africa (Pty) Ltd and our Privacy Policy can be found
    here.

2. Newsletter subscription together with creating a customer account

You can integrate the Fujifilm standard consent declaration into the process of creating a customer account. There are two differences to the stand-alone solution:

  • Fields: Generally more fields (than just e-mail, first name, last name) are used/ required for the registration for a customer account.
  • Reference/ link to the privacy policy: The privacy policy must be linked to the customer account, not only to the newsletter/ other marketing communication subscription.

Example

Fields for
customer account
registration

  • Yes, I’d like to receive more information regarding FUJIFILM products and services via e-mail (e.g. by newsletter or other marketing communication). I agree that FUJIFILM My Photobook South Africa (Pty) Ltd can use my contact data in accordance with its Privacy Policy to inform me about FUJIFILM products and services by e-mail. I can at any time withdraw my consent by using the ‘unsubscribe’ link in any newsletter or other marketing communication or by e-mail to [email protected]/[email protected].

I have taken notice of the FUJIFILM Photobook South Africa (Pty) Ltd Privacy Policy.

Ensure (in addition to the general checklist under section B.)

Consent for direct marketing must be optional and not “required”. This means that the customer must be able to create an account without ticking the box for newsletter/other marketing communication subscription.

3. Newsletter subscription together with placing an order

You can integrate the Fujifilm standard consent declaration into the process of placing an order in
a webshop. There are two differences to the stand-alone solution:

  • Fields: Generally more fields (than just e-mail, first name, last name) are used/ required for placing an order. Furthermore details required for placing an order are usually already stored in the customer account.
  • Reference/ link to the privacy policy: The privacy policy must be linked to the purchase as such, not only to the newsletter/ other marketing communication subscription. Furthermore, the customer must accept the webshop/ purchase terms and conditions before confirming his order. For this reason another tick box is required in this process.

Example

Fields required
for placing an
order (if applicable/ if not stored in
customer
account)

  •  Yes, I’d like to receive more information regarding FUJIFILM products and services via e-mail (e.g. by newsletter or other marketing communication). I agree that FUJIFILM My Photobook South Africa (Pty) Ltd can use my contact data in accordance with its Privacy Policy to inform me about FUJIFILM products and services by e-mail. I can at any time withdraw my consent by using the ‘unsubscribe’ link in any newsletter or other marketing communication or by e-mail to [email protected]/[email protected].

I have taken notice of the terms and conditions and I accept these. I have taken notice of the FUJIFILM My Photobook South Africa (Pty) Ltd Privacy Policy.

Ensure (in addition to the general checklist under section B.)

Consent for direct marketing must be optional and not “required”. This means that the customer must be able to confirm an order without ticking the box for newsletter/ other marketing communication subscription.

Acceptance of the terms and conditions must be required. This means that no order can be placed without ticking this box.

4. Double opt-in (best practice for Germany, Austria and Switzerland)

Websites that market to recipients residing in Germany, Austria and Switzerland should use doubleopt-in when collecting personal data (including email addresses) for marketing purposes. Of course, all other entities can also implement double opt-in, if they wish.

Explanation of double opt-in
The recipient has given its prior consent to receive a newsletter or other marketing communication(the initial opt-in) by clicking the box of the Fujifilm standard consent declaration (as explained under section C.1-3 above). Your entity has then to take a further step to verify the recipient´s initial consent. This is done by sending an e-mail to the recipient asking it to click on a link in the email to confirm his consent.

Reason for double opt-in
German case law shows that the judges often only accept the double opt-in procedure to prove consent. The double opt-in procedure ensures that the owner of the e-mail address confirms his consent. This way it can be prevented that a person uses somebody else´s contact details (be it deliberately or accidentally) for e-marketing registrations. Austrian and Swiss courts tend to adhere to German case law.

Example of the double opt-in confirmation e-mail

Please confirm your subscription.

Please click here to complete your registration for the FUJIFILM newsletter and other marketing communication.

Check list for double opt in Details for double opt-in procedure

1. Best practice for German, Austria and Switzerland Any Fujifilm German, Austrian or Swiss entity which manages a website addressing customers residing in Germany, Austria and Switzerland.
2. Best practice for any website with active focus on Germany, Austria or Switzerland Any Fujifilm entity (not necessarily being a German, Austrian or Swiss entity) actively marketing to customers residing in Germany, Austria and Switzerland. An active focus would be things like:
– Offering a website also in German language;
– A webshop offering shipping to Germany, Austria or Switzerland;
– A webshop accepting payment in Euros or Swiss
francs;
Double opt-in should apply to visitors that reside in Germany, Austria and Switzerland and register for a newsletter/ other marketing communication. This requires
the field “country” in the registration process in order to identify (“filter”) these visitors. Of course, double opt-in can also be implemented with respect to all visitors; however, this is not required.
3. Voluntarily for all other entities The requirements set out in this column under 4-8 also apply where your entity adopts the double opt-in procedure voluntarily.
4. Double opt in applies in addition to standard registration procedure The confirmation e-mail applies in addition to the normal registration process; hence you must adhere to the subscription procedure as set out under section B. 1-3 above and the requirements set out under section D. below.
5. Requirement for confirmation email Must include full footer information like:
-Company name, Address,
-Managing Director,
-Registration Number
6. Requirement for confirmation email Do not include any advertisement in the confirmation email, it must be a neutral e-mail.
7. Storage of second opt-in Store the second opt in (the confirmation) in a database
8. Start marketing Only send newsletter/ other marketing communication after you have received and stored the second opt-in (the confirmation).

5. Customer account/ webshop without subscription for newsletter/ other marketing communication

In this situation follow the instructions under section C.2 and C.3 to ensure that a proper reference/ link to your privacy policy is included. The tick box with marketing opt-in (Fujifilm standard consent declaration) and the corresponding instruction can be disregarded.

D. Other requirements for newsletters and other marketing communications (in addition to the general checklists under section B. above)

Activity 
1. Newsletter and other marketing communication

Activity 
Requirement
Must include an unsubscribe link.

2. Newsletter and other marketing communication

Requirement
Must include a link to your privacy policy like: “For details of our Privacy Policy, please click here.”

3. Newsletter and other marketing communication

Requirement
Must include full footer information like:
-Company name, Address,
-Managing Director,
-Registration Number

4. Newsletter and other marketing communication

Requirement
Ensure that customers that unsubscribe do not receiveany newsletters or other marketing communications.

5. Website and any kind of communication

Requirement
Remove and do not use any statement like: we do not share your data with third parties etc. on your website or in any kind of communication. This information is included in the Fujifilm privacy policy under section “Transfer”.

6. Collecting data with online/digital forms

Requirement
If you provide online/ digital forms by means of which customer can place a support request, register for events and webinars, ensure that the personal data collected is only used for the respective purpose (e.g. for responding to support request, carrying out the event or webinar),  and not for any marketing purposes. If you want to use the personal data for marketing you must include a separate tick box with marketing opt-in as describe above (Fujifilm standard consent declaration).

7. Collecting personal data with online/ digital forms

Requirement
If you use such online/ digital forms always include a reference/ link to your privacy policy (as described above under section C). A tick box is not required.

8. Other forms of marketing communication

Requirement
If you market to your customer via any means other than e-mail and post, e.g. phone, then you will need a different consent for each type of communication, please speak to your ELD representative for acceptable consent wording.

E. Existing customers and consent

1. General
For existing customers that have not given consent in the way described above, section 13(2) of the ePrivacy-Directive 2002/58/EC (“ePrivacy Directive”) states that direct marketing is permitted under strict requirements.

According to section 13(2) of the ePrivacy Directive E-Mail advertisement can be permitted if

– the company obtains from its customers their electronic contact details for electronic mail;
– in the context of the sale of a product or a service;
– in which case the company uses this for direct marketing of its own similar products or
services;
– provided that customers clearly and distinctly are given the opportunity to object, free of charge and in an easy manner, to such use of electronic contact details when they are
collected and on the occasion of each message [= the unsubscribe section in each newsletter or other marketing communication] in case the customer has not initially refused such use.

2. Reliance on this legal ground
The tricky thing with this legal ground is that i) all requirements must be fulfilled and ii) in case of a complaint the relevant Fujifilm entity must be able to evidence that all requirements are fulfilled. This means you must assess whether customer details were collected in accordance with all of the criteria stipulated in section 13(2) ePrivacy-Directive and whether this can be proved with evidence.

3. Commercial decision
If there is customer data for which a proper consent as described in this policy has not been given or where reliance on the legal ground of section 13(2) ePrivacy-Directive is not possible due to lack of evidence, it will be a commercial decision whether to use such data. The risk will typically be customer’s complaints about such unsolicited emails.
We provide below an overview of facts based on our experience that in most cases mitigate the risk of using such data. This may be helpful for your decision.
However, please note and appreciate that the responsibility for this commercial decision rests with you respectively your (senior) management.

Facts that mitigate the risk of using existing customer details without proper consent

  • Business to business situation
  • Business to consumer situation and no (or very seldom) marketing complaints
  • Immediate unsubscription is ensured
  • Pre-ticked box was used
  • Pre-ticked box was used and consent has been technically recorded

Facts that imply a risk for using existing customer details without proper consent

  • Business to consumer situation and marketing complaints have been lodged and even disputes have occurred
  • Strong consumer lobby activities

4. Asking for consent by e-mail or other digital means (pop-up window)
It is always possible to send an email to your customers and to ask for their consent for newsletters and other marketing communications. Consent is given by responding to the email or clicking on a link installed in the email. You can use the Fujifilm standard consent declaration (please refer to section B. above).

Ensure
To not include any advertisement in the e-mail, it must be a neutral e-mail.
To comply with the general checklist under section B.
To include full footer information in the e-mail like:
-Company name, address,
-Managing Director,
-Registration Number.

Example

By clicking on this link [or responding to the email] I confirm that

Yes, I’d like to receive more information regarding FUJIFILM products and services via e-mail (e.g. by newsletter or other marketing communication). I agree that FUJIFILM My Photobook  can use my contact data in accordance with its Privacy Policy to inform me about FUJIFILM products and services by e-mail. I can at any time withdraw my consent by using the ‘unsubscribe’ link in any newsletter or other marketing communication or by e-mail to [email protected]/[email protected].

More about FUJIFILM xxx and our Privacy Policy can be found here.

F. Cookie disclaimer

1. General
Art. 5(3) of Directive 2002/58/EC as amended by Directive 2009/136/EG (“Cookie Directive”) requires that each website must have a cookie banner/ disclaimer which informs the visitor about the use of cookies. The visitor must give consent to the use of cookies before a cookie is place or
information is collected.

The specific wording and the technical installation of such a cookie notification depends on the specifications of your websites. The table below under section 2 provides specific requirements that should be taken into account.

Please find below Fujifilm´s standard wording and technical implementation for the cookie banner. However, it still must be adapted to the specific circumstances of your website. Furthermore please verify whether the information in yellow brackets is applicable and the technical setting in green brackets is possible.

Fujifilm standard cookie wording with overlay technique

Cookies are important to the proper functioning of a site. To improve your experience, we use cookies to [remember log-in details and provide secure log-in], collect statistics to optimize site functionality, and deliver content tailored to your interest. For more information you can read our
Privacy Policy.

Click “Agree and Proceed” to accept cookies and go directly to the site [or click “More Options” to see options to change your cookie settings].

Installation of the overlay technique:
Please ensure that before clicking “Agree and Proceed” the website is blocked and cannot be accessed. The visitor gives consent by clicking “Agree and Proceed”. From a technical perspective such consent is also a cookie and it is the first cookie that is placed. With help of this cookie the website identifies the visitor when he visits the website again. Consent is not required for each time the cookie is read / visitor visits the website.

Alternative:
Fujifilm standard cookie wording with “click away solution”

Cookies are important to the proper functioning of a site. To improve your experience, we use cookies to [remember log-in details and provide secure log-in], collect statistics to optimize site functionality, and deliver content tailored to your interest.

By continuing to use this website site you are giving us your consent to do this. For more information you can read our Privacy Policy.

Installation of the “click away solution”:
The cookie information banner informs the visitor about the cookies from the moment the visitor accesses the website. The visitor “gives consent” by continuing to use the website. The website can be accessed and cookies can be placed. The cookie information banner must be displayed on the website for the whole time of the visit until the visitor clicks away the cookie information banner by closing it. Consequently if the visitor leaves the website without clicking away the cookie information banner and re-visits the website, the cookie information banner is must be displayed again.

However, if the visitor clicks away the cookie information banner a cookie is placed and with help of this cookie the website identifies the visitor when he visits the website again. In this case the cookie information banner does not have to be shown again.

2. Specific requirements

Issue Requirements

General requirements for legitimate use

  • The life span of cookies and the scope of consent should be limited in terms of time, e.g. to a period of 1 year
  • Cookie data should not be combined with specific other information e.g. login-data etc. in order to personalize cookies

Installation of cookie banner

  • The Cookie Directive does not prescribe a particular technology: a pop-up solution is not the only way to comply with the opt-in requirements, other possibilities are: static information banner on use of cookies, splash screen etc.
  • To be as user friendly as possible, information must be easily accessible and highly visible, not hidden in general terms & conditions or privacy
    statements
  • Consent to be obtained before cookie is placed or information is collected
  • Consent must be stored/ recorded
  • Consent is not required for each time the cookie is read. Cookies can be set and used until settings are changed, provided that cookies are (1) limited in time, (2) sufficient information is given and (3) the consent might be revoked at any time
  • Data subjects should be offered the possibility to easily revoke their consent to being monitored, this requires that user can change the cookie settings of the website easily