People privacy notice

Last updated 29 October 2024

1.  Who does this notice affect?

The Notice covers Our People and includes ‘you’, prospective, present and past employees, contractors, agency staff and people connected to you (such as the person you nominate to contact in an emergency), collectively “Workers”. Dentsu and its group of organisations use global HR information systems (‘HRIS’) for employment management and recruitment purposes to capture and store personal data of Our People.

2. Who collects your data?

Dentsu is a global media, creative and customer experience management group made up of several brands. It does business through its subsidiaries and affiliates worldwide. Your personal data is collected by the dentsu organisation that you entered into an employment contract or relationship or a contract for services with, have applied for a role with, or used to work for. Where applicable, this dentsu organisation is a data controller in relation to the personal data that is collected about you. Where this organisation has a market specific People Privacy Notice, please consult that notice. Your personal data may need to be processed by other dentsu organisations for their own independent purposes. In which case, these organisations are also data controllers of your personal data. If you have questions about which dentsu organisation is a data controller in respect of your personal data, please contact your local HR team or, where applicable, your data protection officer.

3. What is not included?

The Notice is intended to tell you how we use personal information but is not intended to create a contract with you. This Notice does not apply to the information we hold about companies or other organisations, or to other companies or organisations collecting and using your personal information. You should review their privacy policies before giving them your personal information.

4. How do we collect your personal data?

When you provide personal data about yourself and others

This is personal data that you provide to the local HR Recruitment team or enter directly into our HRIS. You may also provide us with personal data about others e.g. your dependents. We use this information for HR administration and management reasons. Examples include the administration of employment benefits or contacting your next-of-kin in the event of emergency. To comply with our legal obligations, or where we need this information to fulfil our obligations to you under an employment contract or contract for services, certain data fields in our HRIS are mandatory. Where HRIS fields are voluntary it is your choice if you wish to provide the information requested.

We may collect personal data from other organisations

We may obtain information about you from other organisations. For example, references from your previous employer(s) and background checks where permitted by applicable law. We sometimes advertise through recruitment agencies or use the services of specialist search organisations. These companies will collect your application information. You may also be asked to complete a work preference questionnaire which is used to assess your suitability for the role you have applied for, the results of which are assessed by our recruiters. If you are applying to work with us through an agency, please review their privacy notice for details of how they will handle your information.

5. What kinds of personal data do we collect and how do we use it?

The personal data we collect about you depends on your circumstances, your role, the law where you are and whether you are a prospective, current or past Worker. Below you can find information we process for Workers, as well as our purposes for doing so.

RECRUITMENT

We will need to process the personal data of all prospective Workers from the moment you become a prospect or candidate for a role. This allows us to assess your suitability for the role and our business. The types of processing are as follows:

Purpose of processing your personal informationDetailGrounds for processing
Assessing suitability for the role.

We will use your personal information to assess your suitability for the role, enable shortlisting, prepare for any interviews and assessments required, and contact you to arrange, conduct, evaluate and feedback on assessments and interviews and, where successful, to make you an offer/provide you with an agreement/contract of employment. This applies to all Workers and applies whether you have made an application directly to us, have been added as a prospect or via an agency or any other third-party.

For this purpose, we will collect:

Contact details and other information to confirm your identity. This includes your name, gender, address, phone number, date of birth and email address;

Information about your employment history and skills. This includes your CV / resumes, application forms, references, records of qualifications, skills, training and other compliance requirements. This may also include records of when you contact us, emails, webchats and phone conversations; and

Information generated by us and you, through a combination of recruiting activities to further assess suitability for the role(s), such as interviews, assessment centres, assessments/tests (cognitive ability tests, skills tests, personality tests, job simulations, psychometric tests, etc). For example, you may complete a written test or we may take interview notes.

Once working at dentsu, we will also use your personal information to assess your suitability for other roles you may apply for or projects that may be assigned to you.

Legitimate Interest
Applicant administration

We will carry out pre-employment checks (where permitted by law) either using in-house resources or approved third-parties, to establish eligibility to work and other pre-Employment Checks which shall be commensurate to the risks and responsibilities of each job role such as criminal record, financial sanctions, etc and follow up references provided to us and potential other sources where necessary.

We will process and record the personal data of anyone given a job with dentsu, even if they don't turn up on their first day.

Legitimate Interest, Contractual Necessity, Legal Obligations
Talent poolIf you are unsuccessful following assessment for the role or are a prospect, we will retain your details in our talent pool for a reasonable period so that we can contact you should any further suitable roles arise. The time for which we retain your details will differ depending on where you are based. For further details please consult any notice applicable to your specific country or region. If you would like us to delete this data, please contact the data protection officer details outlined in your applicable notice or contact us at DPO@dentsu.com and we will be happy to triage your requestor candidates can also request deletion of all data held in our HR system from their application login.Legitimate Interest
Reasonable adjustments

Where applicable, we will make reasonable adjustments to the recruitment process based on the accessibility requirements you make us aware of or we become aware of.

For this purpose, we may, subject to the circumstances, collect information about you to help us assess adjustments which need to be made or work restrictions which may apply. This may include your nationality, preferred language, and details of any accessibility requirements.

Legitimate Interest, Legal Obligations
Equal opportunities monitoringIn some countries we may, subject to local laws, ask you to share information about your ethnicity, disability, age, religion/belief, gender and sexual orientation. This information is used to comply with equality and diversity requirements and to help us improve our employment practices.Legal Obligations
We will need to process the personal data of all prospective Workers from the moment you become a prospect or candidate for a role. This allows us to assess your suitability for the role and our business. The types of processing are as follows:

Working for dentsu

We will use your personal information for the purposes of your contract/agreement with us, to comply with legal obligations, or where we have a legitimate interest in doing so to manage and protect our business. We will rely on legitimate interest pursued by dentsu where it is not overridden by the interests or fundamental rights and freedoms of Our People. The table below lists out the ways in which we do so.



1. To Assist You in your role
Purpose of processing your personal informationDetailGrounds for processing
Employee Administration

We will maintain and process general records necessary for the management of workers, to operate the contract/agreement of employment or contract for services between you and the dentsu organisation, and we will need to allocate and manage your duties and responsibilities and the business activities to which they relate.

Depending on where you are based, we may process and record your personal data for purposes including, but not limited to:

Collecting information to facilitate your onboarding to the organisation. For example when receiving IT equipment and setting you up on our systems or sending you items to your home address if you are working remotely.

Facilitating moves within the company in the event of changes to your role, location, or manager.

Should you relocate to a different location, there are processes in place for support with visa applications, tax and relocation assistance.

Running employee surveys, new joiner or leaver surveys.

We may need to respond to reference requests that have been made for you for instance by new employers, mortgage or rental companies, etc.

For some leave requests we will need information that indicates the nature of the time off and duration so we can approve, apply correct policies and redistribute workload as needed.

In certain locations and for some roles, overtime will need to be tracked.

Where requested, we will need to process information required to help you participate in activities and programmes you are eligible for.

In some dentsu locations , we have workforce representation groups who need to be informed when workers join or leave the company.

Legitimate Interest, Contractual Necessity, Legal Obligations
Remuneration & benefits administration

This involves providing and administering remuneration, benefits (such as pension/retirement schemes, insurance, policies to benefit your health and wellbeing, etc), and recognition /incentive schemes. This may involve us passing appropriate personal information on to the relevant third-party providers so they can contact you, or you may register with them directly. We will also provide the details of any beneficiaries you nominate in case of death or other benefits to the relevant third-party.

We may use third-party suppliers for benefits and recognition systems and we’ll make sure we follow the requirements of the law and that your personal information is protected by them appropriately.

We will run pay benchmarking processes and reporting as required by law and to ensure we are rewarding our employees appropriately with equal pay.

We will process personal information in relation to staff awards, recognition schemes, and incentives to reward good performance.

We may contact you or send you gifts on special occasions such as your birthday and to recognise ‘length of service’ milestones working for us. We will do this using any personal data you provide us with (either in a HRIS or more generally) but you can always ask for this to not happen by contacting your People Leader or raising a case via Ask People Services.

Legitimate Interest, Contract Necessity, Legal Obligations
Conducting reviews and determining performance requirements.

Where applicable, we may need to conduct reviews to assess or investigate performance, capability, conduct, absence, or grievance concerns and other informal and formal HR or Legal processes, to make related management decisions and anything else required under our contract with you.

We will review and track your performance at regular intervals. Your personal information will be stored to track your progress. The ways in which your data will be used may include:

Setting objectives and goals.

Tracking progress against identified deficiencies based on specific action plans.

Tracking your competencies against your current and other roles.

Gathering feedback from managers, peers, direct reports and others in the organisation.

Managing staff rewards for fulfilling objectives / tasks.

Legitimate Interest, Contract Necessity
Processing employee work-related claimsWhere relevant, we will need to process any claim made by or involving you when a party is seeking compensation in cases of illness or injury.Legitimate Interest
Payroll management

This involves providing and administering payroll including tax and social security deductions and contributions, and any other deductions or garnishments required by law or your contract.

We will often utilise third-party suppliers for benefits and recognition systems, and we’ll make sure we follow the requirements of the law and that your personal information is protected by the appropriate technical and organisational measures.

Legitimate Interest, Contractual Necessity
Expense management

This involves reimbursing expenses where you have paid for something which is considered a genuine cost of business or providing access to corporate credit cards.

We will often utilise third-party suppliers for expense systems and credit card schemes, we’ll make sure we follow the requirements of the law and that your personal information is protected by the appropriate technical and organisational measures.

Legitimate Interest, Contractual Necessity




2. To Ensure Our Success As A Business
Purpose of processing your personal informationDetailGrounds for processing
Day to day business operations

We will process your personal data because of your day-to-day activities in your role with us at dentsu. The type of data processed will depend on the nature of your role, but can include:

Being part of group / 'all office' email distribution lists internally;

Having the capability to access staff business records such as email, Office 365, Teams and OneDrive;

Staff time management and scheduling, including timesheet recording;

Sharing contact information with clients, including for pitches;

Booking and invoicing for services;

Inviting you to and confirming your attendance at internal and external dentsu events;

Providing knowledge to a central service management system (e.g. ServiceNow) and responding to service downtime;

Logging IT Service Desk tickets with internal system providers, plus systems permitting IT staff to remotely operate staff systems in order to fix / manage requests (when you have granted access);

Tracking intranet usage. You will be searchable on the intranet and your; and information will appear on pages where you have produced the content;

Meeting room and desk booking systems.

Legitimate Interest, Contractual Necessity
Business management and planning

Your personal data may be stored to allow dentsu to manage its business operations and plan appropriately for the future.

This will include resource planning, project planning, staff cost management, resource allocation, client profitability analysis and timesheet compliance. Managers are required to assess their direct reports to assess Potential Level, Retention Risk and Impact of Loss. Your information will be processed for this on an ongoing basis.

Legitimate Interest
Accounting & auditing

This includes managing forecasting, budget / account management and planning for the future.

From time to time, we will disclose your personal data to third-party service providers (e.g. Microsoft Dynamics 365) to assist in our accounting and auditing processes.

Legitimate Interest, Contractual Necessity
Preventing and detecting crimeWe use your information to prevent and detect unlawful activity, including IT and building access rights and security monitoring, use of CCTV, fraud detection and prevention measures.Legal Obligations, Legitimate Interest
Network and information security

We have systems in place to prevent unauthorized access to our computer and electronic communications systems and preventing the distribution of malicious software. Your personal data is processed for several reasons, including authenticating legitimate users, contacting you in the event of an incident, training and testing in phishing awareness, setting up IT alerts, and restricting where corporate data can be stored.

To further enhance security, we have deployed a secure corporate browser for dentsu-managed devices and for dentsu corporate apps on personal devices. This system monitors user browsing activity to protect against malicious websites, threats, and malware, capturing and storing all browser-related traffic, including (but not limited to) websites visited, data transfers, IP addresses, and dentsu email addresses.

Please note: This system will not:

monitor other browsers on your personal device (e.g. Chrome, Edge, Safari etc); the only data we will collect pertains to interactions with corporate applications.

collect any inputs or clicks performed by you on a website, including filling in forms, responding to questions, or updating details. We only collect the full URL.

-          process, correlate, or share any information collected unless it triggers a security event.

Legal Obligations, Legitimate Interest
Support internal administration with our affiliated entities.This can include planning, due diligence and implementation in relation to a commercial transaction or service transfer that impacts your relationship with dentsu. For example, mergers and acquisitions or a transfer of your employment under automatic transfer rules.Legitimate Interest
Data analytics and reporting

We do this to review and better understand employee retention and attrition rates, and to understand the success of our systems / programmes. This helps inform our business decisions and we will often use the assistance of external parties to do this.

Your information may be gathered for business operational and reporting documentation such as the preparation of annual reports, which may use photographic images and graphs, and staff engagement or benchmark questionnaires. Your data, if used, will normally be anonymised so that you would not be personally identified.

We will also run data mining to assess the success of our systems and analyse how we can help you work more efficiently.

Legitimate Interest



3. To Keep Us Compliant
Purpose of processing your personal informationDetailGrounds for processing
Complying with applicable law

We are required to monitor and document activity as required to demonstrate legal compliance. This includes conflict of interest records, gifts and hospitality and anti-bribery and corruption reporting, and mandatory compliance training.

This also includes our obligations in relation to maternity or parental leave legislation, working time and health and safety legislation, taxation rules, worker consultation requirements, other employment laws and regulations to which dentsu is subject.

Personal data is also kept enabling us to process data subject rights requests employees may have during or after their employment with dentsu.

We will occasionally need to comply with lawful requests by public authorities (including without limitation to meet national security or law enforcement requirements), discovery requests, or where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), whether within or outside your country.

Legal Obligations, Legitimate Interest
Equal opportunities monitoring

We will also need to gather information such as ethnicity, disability, age, religion/belief, gender and sexual orientation in order to comply with equality and diversity requirements and to help improve the company's employment practices.

We run D&I and social impact initiatives and ask all employees to sign up to a DEI pledge, for which your personal information will be processed.

Legal Obligations, Legitimate Interest
Education, training, and development requirements

Throughout your employment with dentsu, you will undergo various training programmes to both enhance your skills and also to fulfil mandatory compliance requirements. This depends on your role and where you are working, but can include:

Mandatory Data Protection, Ethics & Compliance, Intellectual Property, Code of Conduct, and Security e-learning courses. Employees' completion of these training courses is recorded and stored. Additional required training courses may be added, and completion is required, based on market-level and global requirements.

External coaches will occasionally run sessions. With consent, basic personal information will be shared with those coaches.

In certain markets, we run a mentor scheme to assist with the mentee's progression and learning. Participation data is tracked, and employee profile data may be used to select appropriate mentor/mentee matches.

Available learning platforms will track learning content utilization, assessment scores, platform access, learning completions, and attendance in live learning programs.

Legal Obligations, Legitimate Interest
Complying with health & safety obligations

This will include us needing to process information about absence or (where required or permitted by applicable law) medical information regarding physical or mental health or condition in order to: assess eligibility for incapacity or permanent disability related remuneration or benefits; determine fitness for work; facilitate a return to work; make adjustments or accommodations to duties or the workplace; and make management decisions regarding employment or engagement, or continued employment or engagement, or redeployment, and conduct-related processes.

This includes providing support in work related injuries, illness, management of your health and safety, providing any accessibility support you may need (including where you make us aware in your health declaration upon joining us and as updated by you when appropriate) and contacting your emergency contact if ever needed. This may include us making a referral to the occupational health service and assisting you with ill health retirement applications.

Any staff members who require assistance exiting the building in an emergency will have their information provided to fire marshals by way of Personal Emergency Evacuation Plans (PEEPS). Those fire marshals and any first aiders will also have their information stored on company systems, including the training they have received.

In some dentsu locations, we will carry out Display Screen Equipment (DSE) Assessment & New Expectant Mother (NEM) Assessment to ensure workstations are suitable for all employees.

We are also required by law to record details of any accident that occurs in the workplace.

Legal Obligations, Legitimate Interest
Business continuity

We may contact you in the event of an emergency or potential threat to you or our business such as a natural disaster or cyber-attack. Such emergencies or disasters might include a fire or any other case where business is not able to occur under normal conditions.

To ensure you are promptly informed about such events, we may use any personal data you provide us with (either in a HRIS or more generally) which may include your private contact details e.g. private phone number or email.

The following are the scenarios in scope:

Severe weather

Emergency Service/Security Incidents

Health emergencies

Cyber Security

Significant technological failures

Legitimate Interest

4. To Resolve Disputes
Purpose of processing your personal informationDetailGrounds for processing

Gathering evidence for disciplinary action or termination.


Sometimes we may need to gather personal data in relation to any allegations, complaints, investigations and disciplinary processes that occur during your time working at dentsu , whatever your role in the process.

This can include "whistle blowing or speak up now" reports from employees and are handled through third-party services.

Evidence in all cases will need to be gathered and recorded for the duration of any investigation.

We may also need to manage litigation proceedings on behalf of dentsu. Your data may be processed where required.

Legitimate Interest
Monitoring of work communicationsIn accordance with relevant laws, we reserve the right to monitor and scan electronic communications sent using the accounts, network and equipment we provide to you for work purposes. This is to ensure that dentsu IT resources are being used in compliance with the law and are in line with dentsu policies. You can learn more information about using dentsu IT resources in our Acceptable Use Policy on Neon.Legitimate Interest, Legal Obligation

Leaving dentsu

After you end your role with us, we may need to retain your personal information to fulfil certain business obligations for the following purposes:

Purpose of processing your personal informationDetailGrounds for processing
Employee administration

When you leave dentsu, we run certain processes involving your personal data to understand why you left us, to help run our business or to support a legal obligation we have.

When you leave, we may conduct an exit interview and ask you to partake in a leaver’s survey.

Your data will be used when we are preparing for your departure, for example when you are returning IT equipment or corporate credit cards. This may involve the use of your home address if you are working remotely.

We will also retain information to manage and administer your pension and other related legal obligations.

Legitimate Interest, Contractual Necessity, Legal Obligations
Processing employee work-related claimsSometimes we need to deal with claims or disputes involving you or others. This could include an accident at work. We do this because we have a legal obligation to provide the information, or it is in our interests to bring or defend a claim.Legitimate Interest
Business management and planning

After you leave, we will retain certain information to understand and evidence decision making in your role and maintain knowledge within the business; for example, this may include your handover notes or emails you have sent. We do this because it is in our interests to use this information to help run our business, or it may be to support a legal obligation we have.

We may also ask if you’d like to opt in to our alumni marketing programme whereby you can receive communications about dentsu and information about new job openings.

Legitimate Interest, Contractual Necessity
Complying with applicable lawWhere required, we may need to use your personal information to comply with our obligations to third parties in connection with your employment, such as tax authorities and professional bodies.Legal Obligations, Legitimate Interest
Equal opportunities monitoringWhere required or permitted by applicable law, we run monitoring programmes to ensure equality of opportunity and diversity with regard to personal characteristics protected under local anti-discrimination laws.Legal Obligations, Legitimate Interest


6. Sharing your information

Across dentsu:

Dentsu is a global organisation. To ensure effective and efficient services and communications throughout the group, your personal data may be shared with other dentsu organisations, for example with our group companies in Japan and the USA.

The following people and teams within dentsu may be granted, on a need-to-know basis, access to your personal data:

  • Local, regional and global HR managers and HR team members;
  • Local, regional and executive management responsible for managing or making decisions in connection with your relationship with dentsu, or when involved in an HR process concerning your relationship with dentsu; system administrators; and
  • Where necessary for the performance of specific tasks or system maintenance, teams such as the Finance, Legal & Compliance, Technology & Security and HR teams.

Basic personal data, such as your name, location, job title, contact information, any published skills and experience profile, as well as any photo that you upload to the HRIS, may be accessible to other employees to facilitate standard business operations.

Outside dentsu:

Your personal data may be also shared with organisations outside of the Dentsu group. To help you understand who these organisations are, here is a non-exhaustive list:

  • Third-party suppliers: Organisations (and their sub-contractors) that provide us with technology solutions and/or support such as the organisations that have been engaged to host, support and otherwise maintainsystems we use to process your personal information. This could also include organisations that provide systems which interconnect with the HRIS or are used more generally. Examples include expense management software, payroll and benefits systems, IT servicing technology and many more. Where we use a third-party service provider we’ll make sure we follow the requirements of the law and that your personal information is protected by the appropriate technical and organisational measures.
  • Dentsu’s professional advisers: We may need to share your information with professional advisers including but not limited to IT administrators, auditors, consultants, payroll providers, external lawyers, administrators of dentsu’s benefits programmes.
  • Insurance providers: We may also need to share your information with insurance providers in relation to our insurance policies.
  • Clients: We may share your information with our clients where necessary to manage and deliver services to them.
  • Public authorities: We may share your information with public authorities to comply with lawful requests (including without limitation to meet national security or law enforcement requirements) or where otherwise required, whether within or outside your country. We only share your personal information in accordance with applicable laws and have strong internal oversight of what we do and take expert advice to inform our approach.


7. Protecting your information and how long we keep it for

How do we protect your personal information?

We have implemented appropriate technical and organisational measures to protect your personal information. These include but are not limited to, physical building controls, device and file encryption and ID verification. Where we transfer your personal information to third-party provider we only do so where we have the appropriate safeguards in place to protect your personal data.

How long do we keep your personal information?

We keep your personal data for as long as it is required to fulfil such purpose(s) for which it was collected. This will usually be the period of your employment or contract for services, or as otherwise set out in the context of prospective employees or other, with the dentsu organisation plus the length of any applicable statutory limitation period once that employment or contract period has ended. For example, data such as tax and pensions information, may need to be kept for longer. Otherwise we will delete or anonymise it so that you cannot be identified and it can no longer be associated with you.

Further information about our data retention policies and requirements for different categories of data we use across our network is available here

8. Your rights

Depending on the applicable privacy law of the market you are in, you may have several rights in relation to your Personal Data, including:

Objecting to our processing of your Personal Data. Where we rely on legitimate interest (or those of a third-party) and if you feel it impacts on your fundamental rights and freedoms, you can object to our processing.. You can object at any time, and we shall stop processing the data you have objected to, unless we can show legitimate grounds to continue. 

Accessing your Personal Data. We may be required to provide you with information we hold about you upon your request, including a description and copy of the Personal Data and why we are processing it, unless a lawful exception applies.

Requesting the provision of your Personal Data to a third party. You may ask us to provide you or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. This right only applies to Personal Data you have provided to us; and if you have consented to our use or where we used the Personal Data to perform a contract with you. 

Requesting erasure (deletion) of your Personal Data.  You may ask us to delete your data where you think we no longer require it. Note, we may be required to retain certain Personal Data by law and/or for our own legitimate business purpose. But when we do so, we will inform you.

Requesting correction or updating of your Personal Data. This enables you to have any incomplete or inaccurate Personal Data we hold about you corrected. 

Requesting the restriction of our processing of your Personal Data. In some situations and only in some jurisdictions you can request a restriction to our processing. If you request this, we can continue to store your Personal Data but are restricted from processing it while the restriction is in place.

Withdrawing your consent. Where you have consented to our processing of your Personal Data, you can withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of what we have done with your Personal Data before you withdrew consent or affect our right to continue with our collection, use or disclosure of your Personal Data where such collection, use or disclosure of Personal Data is permitted under applicable laws without consent.

Making a Complaint. We will do our best to resolve any complaint. However, if you feel we have not resolved your complaint, or if you wish to reach out to them directly, you can complain to your local data protection authority. For example, in the UK, the local data protection authority is the UK Information Commissioner's Office. If you have any questions about who your local authority is, please contact us and we can provide the relevant information.


If you exercise the rights above, the request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide adequate information that we can reasonably verify that you are the person about whom we collected the personal information (including information that enables us to verify the identifying information we possibly maintain about you).

We will respond to requests within the required timeframes. If we need extra time to respond, we will let you know why, and how long we require, in writing. To protect your Personal Data, we will only honour requests if we have been able to verify your identity or authority to make the request and confirm the Personal Data relates to you. The method used to verify your identity will depend on the type, sensitivity and value of the information, including the risk of harm to you posed by any access or deletion. Verification will usually be performed by matching the identifying information provided by you to the personal information that we already have.

Note that if you are in a market where these rights do not exist, we reserve the right to deny your request.

9. Updates

 Our Notice might change from time to time. We’ll notify you about any changes to the Notice by posting on our website, internal intranet or contacting you directly.

10. Contact Us

If you have any questions about this Notice, our approach to privacy or you would like to exercise any of the rights mentioned in this Notice you can contact our Data Protection Officer in any of the following ways:

  1. Address: Data Protection Officer, Dentsu international, Regent’s Place, 10 Triton Street, Regent’s Place, London, NW1 3BF 
  2. Email: DPO@dentsu.com  
  3. [Or using the information of your local DPO included in the section below].

11. Glossary

Dentsu organisationThe specific dentsu entity that entered into an employment contract or relationship or a contract for services with you.
Data controllerThe natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. This will be the dentsu organisation that entered into an employment dentsu or contract for services with you. It may also include other dentsu organisations that need to process your personal data for their own purposes.
Other dentsu organisationThe parents, affiliates, and/or subsidiaries of the dentsu organisation described above.
Processing (or Processed)Any operation which is performed on personal data - such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Personal DataPersonal information means information that identifies you as an individual, or is capable of doing so. Any information relating to an identified or identifiable person. An identifiable person is someone who can be identified, directly or indirectly, by reference to details such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.


Additional market information

We provide additional information about our controllers and data protection officers (as applicable), the privacy, collection, and use of personal information data subjects of dentsu located in certain markets.

Australia

  1. We may conduct surveillance including video surveillance such as CCTV (for staff and visitors to our premises) and monitoring usage of our computers, devices, systems, networks and other IT resources (for staff and visitors to our public websites). This surveillance and monitoring may operate on an ongoing 24/7 basis, with effect from 18 June 2025. Please contact us if you have any queries about these activities. Surveillance records may be used and disclosed for the purposes described in the Notice in respect of processing of personal information, to the extent permitted by law.
    1. The ‘grounds for processing’ set out in the Privacy Notice are not necessarily grounds for processing under Australian privacy laws.
    2. We sometimes collect and process personal information under Australian laws including the Corporations Act, Fair Work Act, Income Tax Assessment Act and other tax laws, long service leave acts, Privacy Act, public health acts, Superannuation Guarantee (Administration) Act, Surveillance Devices Act, Telecommunications (Interception and Access Act) work health and safety acts, workers compensation acts, and Workplace Surveillance Act.

If we are unable to collect personal information that we seek, our ability to fulfill the purposes of processing your personal information, as outlined in the Privacy Notice, may be limited. In some cases, this may impact our ability to hire or retain you for a role, or result in disciplinary action or reallocation of your duties

Austria

Argentina

Belgium

Brazil

Bulgaria

Canada

Chile

China

单击此处阅读简体中文版的《人员隐私声明》。

  1. The ‘legitimate interest’ of the ‘grounds for processing’ set out in the Privacy Notice are not necessarily grounds for processing under Personal Information Protection Laws.
  2. We would not collect Sensitive Information as defined under applicable laws from job applicants unless and until the individual has accepted an offer of employment
  3. If you have any questions about the Privacy Notice, our approach to privacy or you would like to exercise any of the rights mentioned in the Privacy Notice you can contact:

    Dentsu China
    Email: DentsuChina.HR@dentsu.com
    Address:Building A, Haisu Culture Plaza, No. 658 Zhaohua Road, Changning District, Shanghai, China
  4. In case your Personal Information would be transferred to the headquarter office of Dentsu and other Dentsu affiliates, the Personal Information to be transferred would be subject to the written notice provided by our local HR team. The contact of the overseas recipient is as follows:

    Dentsu Headquarter Office:
    Dentsu International Limited
    Global Data Protection Officer dpo@dentsu.com
    Address: 10 Triton Street, London, UK NW1 3BF


  1. 隐私声明中所述的"合法利益"处理依据,未必构成《个人信息保护法》认可的处理事由。
  2. 在求职者正式接受录用通知前,我们不会根据中国法律收集其敏感个人信息。
  3. 如对隐私声明、隐私保护政策或行使声明中所述权利存在疑问,请联系:  ‌
    电通中国‌  
    邮箱:DentsuChina.HR@dentsu.com
    地址:中国上海市长宁区昭化路658号海粟文化广场A栋
  4. 如需向电通总部及其他关联公司传输个人信息,须以中国区人力资源团队的书面通知为准。境外接收方联系方式如下:
     ‌电通集团总部‌  
    Dentsu International Limited
     全球数据保护官:dpo@dentsu.com
     地址:英国伦敦NW13BF区Triton街10号

Colombia

Croatia

Czechia

Denmark

Estonia

Finland

France

Germany

Greece

Hungary

Hong Kong

按兩下此處閱讀繁體中文的People隱私聲明。

  1. The ‘grounds for processing’ set out in the Privacy Notice are not necessarily grounds for processing under Hong Kong privacy laws.

    私隱聲明中所載的「處理依據」不一定是根據香港私隱法例的處理依據。
  2. It is obligatory for you to supply the data. If we are unable to collect personal information that we seek, our ability to fulfill the purposes of processing your personal information, as outlined in the Privacy Notice, may be limited. In some cases, this may impact our ability to hire or retain you for a role, or result in disciplinary action or reallocation of your duties.

    您有義務提供有關資料。如我們未能收集所需的個人資料,則我們根據私隱聲明所列明的目的處理您的個人資料的能力可能會受到限制。在某些情況下,這可能會影響我們聘用或保留您擔任某職位的能力,或導致紀律處分或職責調配。
  3. We do not collect Hong Kong Identification Card ("HKID Card") number from job applicants unless and until the individual has accepted an offer of employment. 

    除非及直至求職者本人士已接受我們的聘用邀請,否則我們不會向求職者收集香港身份證(「身份證」)號碼。
  4. We only collect criminal records from job applicants for our pre-employment checks only if we consider that it is for a lawful purpose directly related to a function or activity of Dentsu, the collection of the data is necessary for or directly related to that purpose, and, in relation to that purpose, the data is adequate but not excessive. This will depend on the specifics of the individual case, including the role and nature of the job involved, its function and potential tasks.

    在進行僱用前審查時,我們僅會於以下情況向求職者收集刑事紀錄:假如我們認為收集刑事紀錄的合法目的是與電通職能或活動直接相關,並且收集該等資料對該目的而言是必要或直接相關,且資料屬於足夠但不過量的情況下。這將視乎個別情況的具體細節,包括職位及工作的性質、其職能及潛在職責而定。
  5. Our data retention period for Hong Kong is as follows:

    我們於香港的資料保留期限如下:

    (i) no longer than two years in respect of recruitment-related data held about a job applicant from the date of rejecting the applicant; and

    關於求職者的招聘相關資料,自拒絕該申請人之日起計,不會保留超過兩年;及

    (ii) no longer than seven years in respect of employment-related data held about an employee from the date the employee leaves employment, unless (a) the individual concerned has given express consent for the data to be retained for a longer period; or (b) there is a subsisting reason that obliges the employer to retain the data for a longer period.

    關於僱員的僱傭相關資料,自僱員離職之日起計,不會保留超過七年,除非 (a) 有關人士已明確同意將資料保留更長時間;或 (b) 存在使僱主有義務將資料保留更長時間的持續原因。

India

1.) This Addendum supplements the People Privacy Notice and applies to all employees, contractors, and workers based in India.

2.) It is intended to ensure compliance with applicable Indian data protection laws and clarify the legal basis for processing personal data in the Indian context.

3.) It should be read in conjunction with the People Privacy Notice. In the event of any conflict between the Addendum and the People Privacy Notice, the provisions of this Addendum shall prevail for data subjects located in India.

Legal grounds for processing

4.) In addition to the legal basis outlined in the People Privacy Notice, the Company shall process your personal data in India based on the following additional legal ground:

a.) Consent

i.) Where required under applicable Indian laws, the Company may seek your explicit and informed consent for collection, use, storage and sharing of personal data. Such consent will be obtained through appropriate documentation or digital acknowledgement and will be freely given, specific, informed, and unambiguous.

ii.)Such consent shall be obtained in addition to, and not in substitution of, the Company’s reliance on legitimate use as a legal ground for processing employee personal data.

Consent Procurement

5.) Consent will be obtained via one or more of the following methods:

a.) Digital acceptance through secure HR portals or consent management tools
b.) Signed paper or electronic form
c.) Email confirmations or click-through mechanisms

Consent Storage and Audit Trail

6.) The Company shall maintain a secure and auditable record of all contents obtained, including:

a.) The date, method, and content of the consent request
b.) Any subsequent modification or withdrawals

7.) These records will be retained for as long as necessary for audit and compliance purposes, subject to applicable legal obligations.

Withdrawal of consent:

1.) You have the right to withdraw your consent at any time by contacting the Company’s Grievance Redressal Officer.

a.) The Company will cease processing your data for the specific purpose(s) for which the consent was originally obtained.
b.) This does not affect the lawfulness of processing carried out prior to the withdrawal.

Important Note

9.)Some processing activities are necessary for employment-related purposes. If you withdraw consent for such essential processing (e.g. payroll, statutory compliance, benefits administration), the Company may not be able to fulfil its obligations as an employer, and this may have practical implications on your continued employment or access to certain services or entitlements. In such cases, the Company will engage with you to explain the consequences and explore alternative arrangements, where feasible.

Indonesia

Klik di sini untuk membaca Pemberitahuan Privasi Orang dalam bahasa Indonesia.

The ‘grounds for processing’ set out in the Privacy Notice are not necessarily grounds for processing under Indonesia privacy laws.

Dasar pemrosesan yang ditetapkan dalam Pemberitahuan Privasi tidak selalu merupakan dasar pemrosesan menurut undang-undang privasi Indonesia.

Italy

Korea

한국어로 된 People Privacy Notice를 읽으려면 여기를 클릭하십시오.

Carat Korea

This addendum supplements the People Privacy Notice and sets forth additional information related to how we process the personal data of data subjects in South Korea. To the extent that there are any inconsistencies between the People Privacy Policy and this Addendum, this Addendum will prevail with respect to data subjects in South Korea.

The data handler under the Personal Information Protection Act for data subjects in South Korea is Carat Korea Co., Ltd.

1.) Items of personal information processed

Legal basisItems of personal information processed
Your consent

All types of personal data as stated in the Privacy Notice, except resident registration number


 AD-ID


Internal Employee Consent

Name, Gender, Age, Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details,

Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement,

Timesheet records, Attendance records

Where any Act, Presidential Decree, National Assembly Regulations, Supreme Court Regulations, Constitutional Court Regulations, National Election Commission Regulations or Board of Audit and Inspection Regulations specifically requires or permits the processing of resident registration numbersResident registration number

2.) Data sharing

We provide your personal information to or outsource the processing thereof to third parties as specified below:

2.1) Provision of personal information to Third Parties


Name of the recipientPurposes of use by the recipientItems of the information to be transferredPeriods of retention/use by the recipient

Korea Investment & Securities

(02-3276-5689)

Retirement pension enrollment, maintenance, withdrawalName, Company ID, Address, Contact, Email, Job title, Affiliated department, Salary, Date of employmentFor 3 years during the employee’s tenure and after resignation

National Tax Service

(02-397-1200)

Income tax and other tax filings, payments, and year-end tax adjustments per the Tax ActName, Contact, Date of employment and retirement, Salary, Dependents informationFor 5 years during the employee’s tenure and after resignation

National Pension Service

(1355)

National pension enrollment, maintenance, suspension, and insurance paymentSame as aboveSame as above

Shiftee Inc.

(02-6261-5319)

Submission of employment insurance-related documents (HR, etc.)Name, Company ID, Address, Contact, Date of employment, Affiliated department, Job title, AttendanceFor 3 years during the employee’s tenure and after resignation

National Health Insurance Service

(1577-1000)

Health insurance enrollment, maintenance, suspension, and insurance paymentName, Contact, Salary, Job title, Dependents informationSame as above

Korea Worker’s Compensation & Welfare Service

(1588-0075)

Employee compensation insurance enrollment, maintenance, suspension, and insurance paymentSame as aboveSame as above

Employment Center

(1588-0075)

Employment insurance enrollment, suspension, insurance paymentSame as aboveSame as above

Dentsu Holdings Korea Co., Ltd.

(02-6005-0400)

To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employeesName, gender, age, educational background, department, job position, job title, detailed salary and compensation information, contact details, training records, email address, home address, marital status, residential address, nationality, performance evaluations, promotions, resignations, timesheet records, attendance recordsSame as above

Firstin Co., Ltd.

(070-7119-8045)

Payroll management and provision of management support servicesName, employee ID number, address, contact details, email address, bank account number, date of joining, department, job position, salary, dependent informationSame as above

Konkuk University Hospital

(1588-1533)

Provision of comprehensive employee medical check-up servicesName, contact detail, gender, Date of birthSame as above

Ministry of Employment and Labor

(1350)

Provision of materials during workplace inspections and labor supervisionName, Company ID, Affiliated department, Date of hire and terminationSame as above

Samjeong Accounting Corp.

(02-2112-0101)

Provision of materials upon request during regular auditsSame as aboveSame as above
Dentsu Asia Pacific Pte Ltd.To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees

Name, Gender, Age

Education background, Affiliated department,

Job grade,

Job title/position,

Salary and compensation details,

Contact information,

Training records,

Email address,

Home address,

Marital status,

Residential address,

Nationality,

Performance evaluation,

Promotion,

Resignation/retirement,

Timesheet records,

Attendance records

For 3 years during the employee’s tenure and after resignation
Carat Media Taiwan Ltd.To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees

Name, Gender, Age

Education background, Affiliated department,

Job grade,

Job title/position,

Salary and compensation details,

Contact information,

Training records,

Email address,

Home address,

Marital status,

Residential address,

Nationality,

Performance evaluation,

Promotion,

Resignation/retirement,

Timesheet records,

Attendance records


Same as stated above
Dentsu International LimitedFor the management and configuration of internal secure browser, and for the analysis, investigation, and reporting of security risks and incidentsName, Email, Information related to the use of the internal secure browse (Country and country code, IP address, Technical information, Usage information including visited pages, date and time of page access, last logged-in browser, page interactions such as file download/upload, cut/copy/paste, etc.)Platform internal data: retained for up to 60 days from the date of the security event /
Security event information: retained for up to 12 months from the date of the security event /
Security incident information: retained for up to 3 years from the date the incident is closed

ISLAND


Same as stated aboveSame as stated aboveSame as stated above


2.2) Outsourcing of the processing of personal information to third parties

Name of the outsourced processorOutsourced tasks
메조미디어 (Mezzo Media)

AD-ID를 통한 미디어 집행

(Media AD execution via AD-ID)

2.3)Cross-border transfer of personal information

Name of the recipient (if the recipient is a corporation then the name and contact information of the corporation)Items of the information to be transferredCountries where the personal information is to be transferred and the date, time, methods of the transferPurposes of use by the recipientPeriods of retention/use by the recipientLegal basis of the transfer
Dentsu Asia Pacific Pte Ltd.

Name, Gender, Age

Education background, Affiliated department,

Job grade,

Job title/position,

Salary and compensation details,

Contact information,

Training records,

Email address,

Home address,

Marital status,

Residential address,

Nationality,

Performance evaluation,

Promotion,

Resignation/retirement,

Timesheet records,

Attendance records


SingaporeTo provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employeesFor 3 years during the employee’s tenure and after resignationThe company provides the personal data of its officers and employees to third parties located overseas, with their consent, pursuant to Article 28-8(1)(1) of the Personal Information Protection Act.
Carat Media Taiwan Ltd.

Name, Gender, Age

Education background, Affiliated department,

Job grade,

Job title/position,

Salary and compensation details,

Contact information,

Training records,

Email address,

Home address,

Marital status,

Residential address,

Nationality,

Performance evaluation,

Promotion,

Resignation/retirement,

Timesheet records,

Attendance records


TaiwanTo provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employeesSame as stated aboveSame as stated above
Dentsu International LimitedName, Email, Information related to the use of the internal secure browse (Country and country code, IP address, Technical information, Usage information including visited pages, date and time of page access, last logged-in browser, page interactions such as file download/upload, cut/copy/paste, etc.)United KingdomFor the management and configuration of internal secure browser, and for the analysis, investigation, and reporting of security risks and incidentsPlatform internal data: retained for up to 60 days from the date of the security event /
Security event information: retained for up to 12 months from the date of the security event /
Security incident information: retained for up to 3 years from the date the incident is closed
Same as stated above

ISLAND


Same as stated aboveGermanySame as stated aboveSame as stated aboveSame as stated above

If you do not want your personal information to be transferred overseas, you can refuse by not agreeing to, or by requesting us to stop, the cross-border transfer of such personal information, but if you refuse, you may not be able to receive the remote support, or may not able to use the secure browser.

3.) Matters concerning the installation, operation, and the right to refuse a device that automatically collects personal information.

We may use cookies to store and retrieve your information to provide individualized services to you. Cookies are small amounts of information sent to the user’s computer browser by the server used to operate the website and are also stored on the hard disk of the user’s computer. If you refuse to save cookies, you may experience difficulties in using customized services.

  • Purpose of using cookies: Cookies are used to provide more convenient service to your by identifying the type of visit and use of the service, etc.
  • Installation, operation, and refusal of cookies: You can allow or refuse cookies through the option settings in the Tools/Options menu at the top of the web browser.

4.) Data retention

4.1) Data retention

If required to retain personal information pursuant to applicable Korean laws, such as those set forth below, we will retain personal information solely for the retention periods and purposes prescribed thereunder.

  • Trade books and other important documents relating to business: 10 years; slips or documents similar thereto: 5 years (the Commercial Act)
  • Ledgers and documents related to year-end tax settlement, etc.: 5 years (the Income Tax Act, the Framework Act on National Taxes)
  • Log-in and IP address records: 3 months (the Communications Secrecy Act)
  • Documents related to the notification of acquisition or loss of status as a workplace-based insured person, etc.: 5 years (the National Pension Act)
  • Employee roster and material documents related to employment contracts: 3 years (the Labor Standards Act)
  • Information related to the issuance of certificates including certificates of work experience: 3 years following termination of employment contract (the Labor Standards Act)
  • Health examination charts and results of health examinations: 5 years (or 30 years in the case of workers handling certain materials prescribed by the Ministry of Employment and Labor) (the Occupational Safety and Health Act)
  • Documents related to paternity leave and other documents concerning equal employment opportunity and work-family balance assistance: 3 years (Equal Employment Opportunity and Work-family Balance Assistance Act)

4.2) Data destruction

When destroying your personal information because it is no longer needed, we will do so in accordance with the following procedures and method:

  • Procedures for destruction: We select the personal information to be destroyed (e.g., personal information whose purpose of processing has been achieved or whose retention period has expired) and destroy it with the approval of our Data Protection Officer.
  • Method of destruction: If printed on paper, the personal information will be destroyed by shredding, incinerating, or some other similar method and, if saved in electronic form, the personal information will be destroyed by technical methods (e.g. Low-Level Format) which will ensure that the data cannot be restored or recovered.

5.) Your rights

You may exercise your rights related to personal information against us, including a request for access to, modification or deletion of, or suspension of processing of, your personal information as provided by applicable law including the Personal Information Protection Act. You may also exercise your right of withdrawal of consent to processing of personal information, right to portability, and rights relating to automated decision-making.

6.) Contact us

If you have any questions about this Addendum or how we handle your personal information, please contact our CISO.

Dentsu Creative

This addendum supplements the People Privacy Notice and sets forth additional information related to how we process the personal data of data subjects in South Korea. To the extent that there are any inconsistencies between the People Privacy Policy and this Addendum, this Addendum will prevail with respect to data subjects in South Korea.

The data handler under the Personal Information Protection Act for data subjects in South Korea is Dentsu Creative Korea Inc.

1.)Items of personal information processed

Legal basisItems of personal information processed
Your consent

All types of personal data as stated in the Privcay Notice, except resident registration number


 Name, address, telephone number, email address


Internal Employee Consent

Name, Gender, Age, Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details,

Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement,

Timesheet records, Attendance records

Where any Act, Presidential Decree, National Assembly Regulations, Supreme Court Regulations, Constitutional Court Regulations, National Election Commission Regulations or Board of Audit and Inspection Regulations specifically requires or permits the processing of resident registration numbersResident registration number

2.)Data sharing

We provide your personal information to or outsource the processing thereof to third parties as specified below:

2.1)  Provision of personal information to Third Parties

Name of the recipientPurposes of use by the recipientItems of the information to be transferredPeriods of retention/use by the recipient

Korea Investment & Securities

(02-3276-5689)

Retirement pension enrollment, maintenance, withdrawalName, Company ID, Address, Contact, Email, Job title, Affiliated department, Salary, Date of employmentFor 3 years during the employee’s tenure and after resignation

National Tax Service

(02-397-1200)

Income tax and other tax filings, payments, and year-end tax adjustments per the Tax ActName, Contact, Date of employment and retirement, Salary, Dependents informationFor 5 years during the employee’s tenure and after resignation

National Pension Service

(1355)

National pension enrollment, maintenance, suspension, and insurance paymentSame as aboveSame as above

Shiftee Inc.

(02-6261-5319)

Submission of employment insurance-related documents (HR, etc.)Name, Company ID, Address, Contact, Date of employment, Affiliated department, Job title, AttendanceFor 3 years during the employee’s tenure and after resignation

National Health Insurance Service

(1577-1000)

Health insurance enrollment, maintenance, suspension, and insurance paymentName, Contact, Salary, Job title, Dependents informationSame as above

Korea Worker’s Compensation & Welfare Service

(1588-0075)

Employee compensation insurance enrollment, maintenance, suspension, and insurance paymentSame as aboveSame as above

Employment Center

(1588-0075)

Employment insurance enrollment, suspension, insurance paymentSame as aboveSame as above

Dentsu Holdings Korea Co., Ltd.

(02-6005-0400)

To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employeesName, gender, age, educational background, department, job position, job title, detailed salary and compensation information, contact details, training records, email address, home address, marital status, residential address, nationality, performance evaluations, promotions, resignations, timesheet records, attendance recordsSame as above

Firstin Co., Ltd.

(070-7119-8045)

Payroll management and provision of management support servicesName, employee ID number, address, contact details, email address, bank account number, date of joining, department, job position, salary, dependent informationSame as above

Konkuk University Hospital

(1588-1533)

Provision of comprehensive employee medical check-up servicesName, contact detail, gender, Date of birthSame as above

Ministry of Employment and Labor

(1350)

Provision of materials during workplace inspections and labor supervisionName, Company ID, Affiliated department, Date of hire and terminationSame as above

Samjeong Accounting Corp.

(02-2112-0101)

Provision of materials upon request during regular auditsSame as aboveSame as above
Dentsu Asia Pacific Pte Ltd.To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees

Name, Gender, Age

Education background, Affiliated department,

Job grade,

Job title/position,

Salary and compensation details,

Contact information,

Training records,

Email address,

Home address,

Marital status,

Residential address,

Nationality,

Performance evaluation,

Promotion,

Resignation/retirement,

Timesheet records,

Attendance records

For 3 years during the employee’s tenure and after resignation
Carat Media Taiwan Ltd.To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees

Name, Gender, Age

Education background, Affiliated department,

Job grade,

Job title/position,

Salary and compensation details,

Contact information,

Training records,

Email address,

Home address,

Marital status,

Residential address,

Nationality,

Performance evaluation,

Promotion,

Resignation/retirement,

Timesheet records,

Attendance records


Same as stated above
Dentsu International LimitedFor the management and configuration of internal secure browser, and for the analysis, investigation, and reporting of security risks and incidentsName, Email, Information related to the use of the internal secure browse (Country and country code, IP address, Technical information, Usage information including visited pages, date and time of page access, last logged-in browser, page interactions such as file download/upload, cut/copy/paste, etc.)Platform internal data: retained for up to 60 days from the date of the security event /
Security event information: retained for up to 12 months from the date of the security event /
Security incident information: retained for up to 3 years from the date the incident is closed

ISLAND


Same as stated aboveSame as stated aboveSame as stated above

2.2) Outsourcing of the processing of personal information to third parties

Name of the outsourced processorOutsourced tasks
티아이커머스광고주 캠페인 경품 당첨자 안내 및 경품 발송, 제세공과금 처리
㈜모바일이앤엠애드광고주 이벤트 진행을 위한 경품 발송
㈜알리는사람들기업 메세징 서비스
오투커뮤니케이션즈광고주 이벤트 및 서비스 경품 발송
㈜루트업광고주 딜러 플랫폼 운영 및 관리
기지커뮤니케이션즈광고주 이벤트 운영 및 서비스 경품 발송 목적
엔크리에이션상동
블루인마케팅상동

2.3) Cross-border transfer of personal information

Name of the recipient (if the recipient is a corporation then the name and contact information of the corporation)Items of the information to be transferredCountries where the personal information is to be transferred and the date, time, methods of the transferPurposes of use by the recipientPeriods of retention/use by the recipientLegal basis of the transfer
Dentsu Asia Pacific Pte Ltd.

Name, Gender, Age

Education background, Affiliated department,

Job grade,

Job title/position,

Salary and compensation details,

Contact information,

Training records,

Email address,

Home address,

Marital status,

Residential address,

Nationality,

Performance evaluation,

Promotion,

Resignation/retirement,

Timesheet records,

Attendance records


SingaporeTo provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employeesFor 3 years during the employee’s tenure and after resignationThe company provides the personal data of its officers and employees to third parties located overseas, with their consent, pursuant to Article 28-8(1)(1) of the Personal Information Protection Act.
Carat Media Taiwan Ltd.

Name, Gender, Age

Education background, Affiliated department,

Job grade,

Job title/position,

Salary and compensation details,

Contact information,

Training records,

Email address,

Home address,

Marital status,

Residential address,

Nationality,

Performance evaluation,

Promotion,

Resignation/retirement,

Timesheet records,

Attendance records


TaiwanTo provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employeesSame as stated aboveSame as stated above
Dentsu International LimitedName, Email, Information related to the use of the internal secure browse (Country and country code, IP address, Technical information, Usage information including visited pages, date and time of page access, last logged-in browser, page interactions such as file download/upload, cut/copy/paste, etc.)United KingdomFor the management and configuration of internal secure browser, and for the analysis, investigation, and reporting of security risks and incidentsPlatform internal data: retained for up to 60 days from the date of the security event /
Security event information: retained for up to 12 months from the date of the security event /
Security incident information: retained for up to 3 years from the date the incident is closed
Same as stated above

ISLAND


Same as stated aboveGermanySame as stated aboveSame as stated aboveSame as stated above

If you do not want your personal information to be transferred overseas, you can refuse by not agreeing to, or by requesting us to stop, the cross-border transfer of such personal information, but if you refuse, you may not be able to receive the remote support, or may not able to use the secure browser.

3.) Matters concerning the installation, operation, and the right to refuse a device that automatically collects personal information.

We may use cookies to store and retrieve your information to provide individualized services to you. Cookies are small amounts of information sent to the user’s computer browser by the server used to operate the website and are also stored on the hard disk of the user’s computer. If you refuse to save cookies, you may experience difficulties in using customized services.

  • Purpose of using cookies: Cookies are used to provide more convenient service to your by identifying the type of visit and use of the service, etc.
  • Installation, operation, and refusal of cookies: You can allow or refuse cookies through the option settings in the Tools/Options menu at the top of the web browser.

4.) Data retention

4.1 Data retention

If required to retain personal information pursuant to applicable Korean laws, such as those set forth below, we will retain personal information solely for the retention periods and purposes prescribed thereunder.

  • Trade books and other important documents relating to business: 10 years; slips or documents similar thereto: 5 years (the Commercial Act)
  • Ledgers and documents related to year-end tax settlement, etc.: 5 years (the Income Tax Act, the Framework Act on National Taxes)
  • Log-in and IP address records: 3 months (the Communications Secrecy Act)
  • Documents related to the notification of acquisition or loss of status as a workplace-based insured person, etc.: 5 years (the National Pension Act)
  • Employee roster and material documents related to employment contracts: 3 years (the Labor Standards Act)
  • Information related to the issuance of certificates including certificates of work experience: 3 years following termination of employment contract (the Labor Standards Act)
  • Health examination charts and results of health examinations: 5 years (or 30 years in the case of workers handling certain materials prescribed by the Ministry of Employment and Labor) (the Occupational Safety and Health Act)
  • Documents related to paternity leave and other documents concerning equal employment opportunity and work-family balance assistance: 3 years (Equal Employment Opportunity and Work-family Balance Assistance Act)

4.2) Data destruction

When destroying your personal information because it is no longer needed, we will do so in accordance with the following procedures and method:

  • Procedures for destruction: We select the personal information to be destroyed (e.g., personal information whose purpose of processing has been achieved or whose retention period has expired) and destroy it with the approval of our Data Protection Officer.
  • Method of destruction: If printed on paper, the personal information will be destroyed by shredding, incinerating, or some other similar method and, if saved in electronic form, the personal information will be destroyed by technical methods (e.g. Low-Level Format) which will ensure that the data cannot be restored or recovered.

5.) Your rights

You may exercise your rights related to personal information against us, including a request for access to, modification or deletion of, or suspension of processing of, your personal information as provided by applicable law including the Personal Information Protection Act. You may also exercise your right of withdrawal of consent to processing of personal information, right to portability, and rights relating to automated decision-making.

6.) Contact us

If you have any questions about this Addendum or how we handle your personal information, please contact our CISO.

dentsu X Korea

This addendum supplements the People Privacy Notice and sets forth additional information related to how we process the personal data of data subjects in South Korea. To the extent that there are any inconsistencies between the People Privacy Policy and this Addendum, this Addendum will prevail with respect to data subjects in South Korea.

The data handler under the Personal Information Protection Act for data subjects in South Korea is dentsu X Inc.

1.)Items of personal information processed

Legal basisItems of personal information processed
Your consent

All types of personal data as stated in the Privcay Notice, except resident registration number


Name, birthday, address, telephone number, IP address, email address


Internal Employee Consent

Name, Gender, Age, Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details, Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement,

Timesheet records, Attendance records

Where any Act, Presidential Decree, National Assembly Regulations, Supreme Court Regulations, Constitutional Court Regulations, National Election Commission Regulations or Board of Audit and Inspection Regulations specifically requires or permits the processing of resident registration numbersResident registration number

2.)Data sharing

We provide your personal information to or outsource the processing thereof to third parties as specified below:

2.1) Provision of personal information to Third Parties

Name of the recipientPurposes of use by the recipientItems of the information to be transferredPeriods of retention/use by the recipient

Korea Investment & Securities

(02-3276-5689)

Retirement pension enrollment, maintenance, withdrawalName, Company ID, Address, Contact, Email, Job title, Affiliated department, Salary, Date of employmentFor 3 years during the employee’s tenure and after resignation

National Tax Service

(02-397-1200)

Income tax and other tax filings, payments, and year-end tax adjustments per the Tax ActName, Contact, Date of employment and retirement, Salary, Dependents informationFor 5 years during the employee’s tenure and after resignation

National Pension Service

(1355)

National pension enrollment, maintenance, suspension, and insurance paymentSame as aboveSame as above

Shiftee Inc.

(02-6261-5319)

Submission of employment insurance-related documents (HR, etc.)Name, Company ID, Address, Contact, Date of employment, Affiliated department, Job title, AttendanceFor 3 years during the employee’s tenure and after resignation

National Health Insurance Service

(1577-1000)

Health insurance enrollment, maintenance, suspension, and insurance paymentName, Contact, Salary, Job title, Dependents informationSame as above

Korea Worker’s Compensation & Welfare Service

(1588-0075)

Employee compensation insurance enrollment, maintenance, suspension, and insurance paymentSame as aboveSame as above

Employment Center

(1588-0075)

Employment insurance enrollment, suspension, insurance paymentSame as aboveSame as above

Dentsu Holdings Korea Co., Ltd.

(02-6005-0400)

To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employeesName, gender, age, educational background, department, job position, job title, detailed salary and compensation information, contact details, training records, email address, home address, marital status, residential address, nationality, performance evaluations, promotions, resignations, timesheet records, attendance recordsSame as above

Firstin Co., Ltd.

(070-7119-8045)

Payroll management and provision of management support servicesName, employee ID number, address, contact details, email address, bank account number, date of joining, department, job position, salary, dependent informationSame as above

Konkuk University Hospital

(1588-1533)

Provision of comprehensive employee medical check-up servicesName, contact detail, gender, Date of birthSame as above

Ministry of Employment and Labor

(1350)

Provision of materials during workplace inspections and labor supervisionName, Company ID, Affiliated department, Date of hire and terminationSame as above

Samjeong Accounting Corp.

(02-2112-0101)

Provision of materials upon request during regular auditsSame as aboveSame as above
Dentsu Asia Pacific Pte Ltd.To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees

Name, Gender, Age

Education background, Affiliated department,

Job grade,

Job title/position,

Salary and compensation details,

Contact information,

Training records,

Email address,

Home address,

Marital status,

Residential address,

Nationality,

Performance evaluation,

Promotion,

Resignation/retirement,

Timesheet records,

Attendance records

For 3 years during the employee’s tenure and after resignation
Carat Media Taiwan Ltd.To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees

Name, Gender, Age

Education background, Affiliated department,

Job grade,

Job title/position,

Salary and compensation details,

Contact information,

Training records,

Email address,

Home address,

Marital status,

Residential address,

Nationality,

Performance evaluation,

Promotion,

Resignation/retirement,

Timesheet records,

Attendance records


Same as stated above
Dentsu International LimitedFor the management and configuration of internal secure browser, and for the analysis, investigation, and reporting of security risks and incidentsName, Email, Information related to the use of the internal secure browse (Country and country code, IP address, Technical information, Usage information including visited pages, date and time of page access, last logged-in browser, page interactions such as file download/upload, cut/copy/paste, etc.)Platform internal data: retained for up to 60 days from the date of the security event /
Security event information: retained for up to 12 months from the date of the security event /
Security incident information: retained for up to 3 years from the date the incident is closed

ISLAND


Same as stated aboveSame as stated aboveSame as stated above


2.2) Outsourcing of the processing of personal information to third parties

Name of the outsourced processorOutsourced tasks
메조미디어 (Mezzo Media)

광고주 미디어 광고 캠페인 운영

(Media AD campaign operation)

2.3) Cross-border transfer of personal information

Name of the recipient (if the recipient is a corporation then the name and contact information of the corporation)Items of the information to be transferredCountries where the personal information is to be transferred and the date, time, methods of the transferPurposes of use by the recipientPeriods of retention/use by the recipientLegal basis of the transfer
Dentsu Asia Pacific Pte Ltd.

Name, Gender, Age

Education background, Affiliated department,

Job grade,

Job title/position,

Salary and compensation details,

Contact information,

Training records,

Email address,

Home address,

Marital status,

Residential address,

Nationality,

Performance evaluation,

Promotion,

Resignation/retirement,

Timesheet records,

Attendance records


SingaporeTo provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employeesFor 3 years during the employee’s tenure and after resignationThe company provides the personal data of its officers and employees to third parties located overseas, with their consent, pursuant to Article 28-8(1)(1) of the Personal Information Protection Act.
Carat Media Taiwan Ltd.

Name, Gender, Age

Education background, Affiliated department,

Job grade,

Job title/position,

Salary and compensation details,

Contact information,

Training records,

Email address,

Home address,

Marital status,

Residential address,

Nationality,

Performance evaluation,

Promotion,

Resignation/retirement,

Timesheet records,

Attendance records


TaiwanTo provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employeesSame as stated aboveSame as stated above
Dentsu International LimitedName, Email, Information related to the use of the internal secure browse (Country and country code, IP address, Technical information, Usage information including visited pages, date and time of page access, last logged-in browser, page interactions such as file download/upload, cut/copy/paste, etc.)United KingdomFor the management and configuration of internal secure browser, and for the analysis, investigation, and reporting of security risks and incidentsPlatform internal data: retained for up to 60 days from the date of the security event /
Security event information: retained for up to 12 months from the date of the security event /
Security incident information: retained for up to 3 years from the date the incident is closed
Same as stated above

ISLAND


Same as stated aboveGermanySame as stated aboveSame as stated aboveSame as stated above

If you do not want your personal information to be transferred overseas, you can refuse by not agreeing to, or by requesting us to stop, the cross-border transfer of such personal information, but if you refuse, you may not be able to receive the remote support, or may not able to use the secure browser.

3.)Matters concerning the installation, operation, and the right to refuse a device that automatically collects personal information.

We may use cookies to store and retrieve your information to provide individualized services to you. Cookies are small amounts of information sent to the user’s computer browser by the server used to operate the website and are also stored on the hard disk of the user’s computer. If you refuse to save cookies, you may experience difficulties in using customized services.

  • Purpose of using cookies: Cookies are used to provide more convenient service to your by identifying the type of visit and use of the service, etc.
  • Installation, operation, and refusal of cookies: You can allow or refuse cookies through the option settings in the Tools/Options menu at the top of the web browser.

4.) Data retention

4.1) Data retention

If required to retain personal information pursuant to applicable Korean laws, such as those set forth below, we will retain personal information solely for the retention periods and purposes prescribed thereunder.

  • Trade books and other important documents relating to business: 10 years; slips or documents similar thereto: 5 years (the Commercial Act)
  • Ledgers and documents related to year-end tax settlement, etc.: 5 years (the Income Tax Act, the Framework Act on National Taxes)
  • Log-in and IP address records: 3 months (the Communications Secrecy Act)
  • Documents related to the notification of acquisition or loss of status as a workplace-based insured person, etc.: 5 years (the National Pension Act)
  • Employee roster and material documents related to employment contracts: 3 years (the Labor Standards Act)
  • Information related to the issuance of certificates including certificates of work experience: 3 years following termination of employment contract (the Labor Standards Act)
  • Health examination charts and results of health examinations: 5 years (or 30 years in the case of workers handling certain materials prescribed by the Ministry of Employment and Labor) (the Occupational Safety and Health Act)
  • Documents related to paternity leave and other documents concerning equal employment opportunity and work-family balance assistance: 3 years (Equal Employment Opportunity and Work-family Balance Assistance Act)

4.2) Data destruction

When destroying your personal information because it is no longer needed, we will do so in accordance with the following procedures and method:

  • Procedures for destruction: We select the personal information to be destroyed (e.g., personal information whose purpose of processing has been achieved or whose retention period has expired) and destroy it with the approval of our Data Protection Officer.
  • Method of destruction: If printed on paper, the personal information will be destroyed by shredding, incinerating, or some other similar method and, if saved in electronic form, the personal information will be destroyed by technical methods (e.g. Low-Level Format) which will ensure that the data cannot be restored or recovered.

5.) Your rights

You may exercise your rights related to personal information against us, including a request for access to, modification or deletion of, or suspension of processing of, your personal information as provided by applicable law including the Personal Information Protection Act. You may also exercise your right of withdrawal of consent to processing of personal information, right to portability, and rights relating to automated decision-making.

6.) Contact us

If you have any questions about this Addendum or how we handle your personal information, please contact our CISO.

iProspect Korea

This addendum supplements the People Privacy Notice and sets forth additional information related to how we process the personal data of data subjects in South Korea. To the extent that there are any inconsistencies between the People Privacy Policy and this Addendum, this Addendum will prevail with respect to data subjects in South Korea.

The data handler under the Personal Information Protection Act for data subjects in South Korea is iProspect Korea Co., Ltd.

1.) Items of personal information processed

Legal basisItems of personal information processed
Your consent

All types of personal data as stated in the Privacy Notice, except resident registration number

Currently None


Internal Employee Consent

Name, Gender, Age, Education background, Affiliated department, Job grade, Job title/position, Salary and compensation details,

Contact information, Training records, Email address, Home address, Marital status, Residential address, Nationality, Performance evaluation, Promotion, Resignation/retirement,

Timesheet records, Attendance records

Where any Act, Presidential Decree, National Assembly Regulations, Supreme Court Regulations, Constitutional Court Regulations, National Election Commission Regulations or Board of Audit and Inspection Regulations specifically requires or permits the processing of resident registration numbersResident registration number


2.) Data sharing

We provide your personal information to or outsource the processing thereof to third parties as specified below:

2.1) Provision of personal information to Third Parties

Name of the recipientPurposes of use by the recipientItems of the information to be transferredPeriods of retention/use by the recipient

Korea Investment & Securities

(02-3276-5689)

Retirement pension enrollment, maintenance, withdrawalName, Company ID, Address, Contact, Email, Job title, Affiliated department, Salary, Date of employmentFor 3 years during the employee’s tenure and after resignation

National Tax Service

(02-397-1200)

Income tax and other tax filings, payments, and year-end tax adjustments per the Tax ActName, Contact, Date of employment and retirement, Salary, Dependents informationFor 5 years during the employee’s tenure and after resignation

National Pension Service

(1355)

National pension enrollment, maintenance, suspension, and insurance paymentSame as aboveSame as above

Shiftee Inc.

(02-6261-5319)

Submission of employment insurance-related documents (HR, etc.)Name, Company ID, Address, Contact, Date of employment, Affiliated department, Job title, AttendanceFor 3 years during the employee’s tenure and after resignation

National Health Insurance Service

(1577-1000)

Health insurance enrollment, maintenance, suspension, and insurance paymentName, Contact, Salary, Job title, Dependents informationSame as above

Korea Worker’s Compensation & Welfare Service

(1588-0075)

Employee compensation insurance enrollment, maintenance, suspension, and insurance paymentSame as aboveSame as above

Employment Center

(1588-0075)

Employment insurance enrollment, suspension, insurance paymentSame as aboveSame as above

Dentsu Holdings Korea Co., Ltd.

(02-6005-0400)

To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employeesName, gender, age, educational background, department, job position, job title, detailed salary and compensation information, contact details, training records, email address, home address, marital status, residential address, nationality, performance evaluations, promotions, resignations, timesheet records, attendance recordsSame as above

Firstin Co., Ltd.

(070-7119-8045)

Payroll management and provision of management support servicesName, employee ID number, address, contact details, email address, bank account number, date of joining, department, job position, salary, dependent informationSame as above

Konkuk University Hospital

(1588-1533)

Provision of comprehensive employee medical check-up servicesName, contact detail, gender, Date of birthSame as above

Ministry of Employment and Labor

(1350)

Provision of materials during workplace inspections and labor supervisionName, Company ID, Affiliated department, Date of hire and terminationSame as above

Samjeong Accounting Corp.

(02-2112-0101)

Provision of materials upon request during regular auditsSame as aboveSame as above
Dentsu Asia Pacific Pte Ltd.To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees

Name, Gender, Age

Education background, Affiliated department,

Job grade,

Job title/position,

Salary and compensation details,

Contact information,

Training records,

Email address,

Home address,

Marital status,

Residential address,

Nationality,

Performance evaluation,

Promotion,

Resignation/retirement,

Timesheet records,

Attendance records

For 3 years during the employee’s tenure and after resignation
Carat Media Taiwan Ltd.To provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employees

Name, Gender, Age

Education background, Affiliated department,

Job grade,

Job title/position,

Salary and compensation details,

Contact information,

Training records,

Email address,

Home address,

Marital status,

Residential address,

Nationality,

Performance evaluation,

Promotion,

Resignation/retirement,

Timesheet records,

Attendance records


Same as stated above
Dentsu International LimitedFor the management and configuration of internal secure browser, and for the analysis, investigation, and reporting of security risks and incidentsName, Email, Information related to the use of the internal secure browse (Country and country code, IP address, Technical information, Usage information including visited pages, date and time of page access, last logged-in browser, page interactions such as file download/upload, cut/copy/paste, etc.)Platform internal data: retained for up to 60 days from the date of the security event /
Security event information: retained for up to 12 months from the date of the security event /
Security incident information: retained for up to 3 years from the date the incident is closed

ISLAND


Same as stated aboveSame as stated aboveSame as stated above


2.2)  Outsourcing of the processing of personal information to third parties

Name of the outsourced processorOutsourced tasks
N/AN/A


2.3) Cross-border transfer of personal information

Name of the recipient (if the recipient is a corporation then the name and contact information of the corporation)Items of the information to be transferredCountries where the personal information is to be transferred and the date, time, methods of the transferPurposes of use by the recipientPeriods of retention/use by the recipientLegal basis of the transfer
Dentsu Asia Pacific Pte Ltd.

Name, Gender, Age

Education background, Affiliated department,

Job grade,

Job title/position,

Salary and compensation details,

Contact information,

Training records,

Email address,

Home address,

Marital status,

Residential address,

Nationality,

Performance evaluation,

Promotion,

Resignation/retirement,

Timesheet records,

Attendance records


SingaporeTo provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employeesFor 3 years during the employee’s tenure and after resignationThe company provides the personal data of its officers and employees to third parties located overseas, with their consent, pursuant to Article 28-8(1)(1) of the Personal Information Protection Act.
Carat Media Taiwan Ltd.

Name, Gender, Age

Education background, Affiliated department,

Job grade,

Job title/position,

Salary and compensation details,

Contact information,

Training records,

Email address,

Home address,

Marital status,

Residential address,

Nationality,

Performance evaluation,

Promotion,

Resignation/retirement,

Timesheet records,

Attendance records


TaiwanTo provide management support services (such as Accounting, Tax, HR, General Affairs, Legal, IT, etc.) to dentsu internal employeesSame as stated aboveSame as stated above
Dentsu International LimitedName, Email, Information related to the use of the internal secure browse (Country and country code, IP address, Technical information, Usage information including visited pages, date and time of page access, last logged-in browser, page interactions such as file download/upload, cut/copy/paste, etc.)United KingdomFor the management and configuration of internal secure browser, and for the analysis, investigation, and reporting of security risks and incidentsPlatform internal data: retained for up to 60 days from the date of the security event /
Security event information: retained for up to 12 months from the date of the security event /
Security incident information: retained for up to 3 years from the date the incident is closed
Same as stated above

ISLAND


Same as stated aboveGermanySame as stated aboveSame as stated aboveSame as stated above

If you do not want your personal information to be transferred overseas, you can refuse by not agreeing to, or by requesting us to stop, the cross-border transfer of such personal information, but if you refuse, you may not be able to receive the remote support, or may not able to use the secure browser.

3.) Matters concerning the installation, operation, and the right to refuse a device that automatically collects personal information.

We may use cookies to store and retrieve your information to provide individualized services to you. Cookies are small amounts of information sent to the user’s computer browser by the server used to operate the website and are also stored on the hard disk of the user’s computer. If you refuse to save cookies, you may experience difficulties in using customized services.

  • Purpose of using cookies: Cookies are used to provide more convenient service to your by identifying the type of visit and use of the service, etc.
  • Installation, operation, and refusal of cookies: You can allow or refuse cookies through the option settings in the Tools/Options menu at the top of the web browser.

4.) Data retention

4.1 Data retention

If required to retain personal information pursuant to applicable Korean laws, such as those set forth below, we will retain personal information solely for the retention periods and purposes prescribed thereunder.

  • Trade books and other important documents relating to business: 10 years; slips or documents similar thereto: 5 years (the Commercial Act)
  • Ledgers and documents related to year-end tax settlement, etc.: 5 years (the Income Tax Act, the Framework Act on National Taxes)
  • Log-in and IP address records: 3 months (the Communications Secrecy Act)
  • Documents related to the notification of acquisition or loss of status as a workplace-based insured person, etc.: 5 years (the National Pension Act)
  • Employee roster and material documents related to employment contracts: 3 years (the Labor Standards Act)
  • Information related to the issuance of certificates including certificates of work experience: 3 years following termination of employment contract (the Labor Standards Act)
  • Health examination charts and results of health examinations: 5 years (or 30 years in the case of workers handling certain materials prescribed by the Ministry of Employment and Labor) (the Occupational Safety and Health Act)
  • Documents related to paternity leave and other documents concerning equal employment opportunity and work-family balance assistance: 3 years (Equal Employment Opportunity and Work-family Balance Assistance Act)

4.2 Data destruction

When destroying your personal information because it is no longer needed, we will do so in accordance with the following procedures and method:

  • Procedures for destruction: We select the personal information to be destroyed (e.g., personal information whose purpose of processing has been achieved or whose retention period has expired) and destroy it with the approval of our Data Protection Officer.
  • Method of destruction: If printed on paper, the personal information will be destroyed by shredding, incinerating, or some other similar method and, if saved in electronic form, the personal information will be destroyed by technical methods (e.g. Low-Level Format) which will ensure that the data cannot be restored or recovered.

5.) Your rights

You may exercise your rights related to personal information against us, including a request for access to, modification or deletion of, or suspension of processing of, your personal information as provided by applicable law including the Personal Information Protection Act. You may also exercise your right of withdrawal of consent to processing of personal information, right to portability, and rights relating to automated decision-making.

6.) Contact us

If you have any questions about this Addendum or how we handle your personal information, please contact our CISO.

Latvia

Lithuania

Malaysia

The ‘grounds for processing’ set out in the Privacy Notice are not necessarily grounds for processing under Malaysia privacy laws.

Mexico

Netherlands

New Zealand

The ‘grounds for processing’ set out in the Privacy Notice are not necessarily grounds for processing under New Zealand privacy laws.

Norway

Philippines

1.1) The Philippines’ Data Privacy Act of 2012 (Republic Act No. 10173), its implementing rules and issuances of the Philippine National Privacy Commission shall be applicable to the processing of the personal data of Philippine residents or citizens.

1.2)We will process your personal information, as defined under applicable laws and identified in the Privacy Notice, for the purposes stated in the Privacy Notice based on your consent, contractual necessity, compliance with legal obligations, and legitimate interests.

1.3) The ‘grounds for processing’ set out in the Privacy Notice are not necessarily available grounds for processing of all types of personal data under Philippines privacy laws.

1.4) We will only process your sensitive personal information, as defined under applicable laws, including your gender; age and/or date of birth; results of cognitive ability tests, personality tests, psychometric tests; criminal records and financial sanctions; ethnicity, disability, religion/belief, and sexual orientation; information about illness or injury; and, information regarding disciplinary proceedings, for the purposes stated in the Privacy Notice based on your consent, when allowed under applicable laws, or where necessary for the protection of lawful rights and interests, or the establishment, exercise, or defense of legal claims.

1.5) Subject to the terms and conditions set out herein, in the Privacy Notice, and your consent, we shall collect and process diversity and equal opportunity data pertaining to you for the purposes specified in the Privacy Notice, including your ethnicity, disability, age, religion/belief, gender and sexual orientation. Such data will be utilized and/or shared only to monitor, assess, study, determine compliance with and/or formulate and implement company or group policies and practices on or relevant to, equal opportunity policies and standards, anti-discrimination, diversity, and D&I concerns. In this regard, we may also share any of such data with other controllers specifically (i) any affiliate or related party, and (ii) a third party outside the Dentsu Group, but in all cases, these parties shall use the data only for and in line with the declared purposes. The nature, scope, extent and duration of the processing shall be as may be necessary to implement the purposes as stated in the Privacy Notice.

1.6) You are not required to consent to the collection and processing of your diversity data for the stated purposes as a condition of your employment, receipt of salary or benefits, promotion or other aspect of your employment. Some of your diversity data may have been or need to be collected and processed to perform, implement and enforce your employment contract, employment policies which you are required to adhere to or have adhered to, compliance and similar obligations under applicable law, and/or pursuant to other lawful basis. This request for your consent is not for or pursuant to those purposes for which you have already given consent or for which we rely on other lawful basis allowed by applicable law.

1.7) The Privacy Notice is intended to tell you how we use personal information. This Notice does not apply to the information we hold about companies or other organisations, or to other companies or organisations collecting and using your personal information. You should review their privacy policies before giving them your personal information.

1.8) If you have any questions about the Privacy Notice, our approach to privacy or you would like to exercise any of the rights mentioned in the Privacy Notice you can contact:

1.8.1) Our Data Protection Officer:
Address: Data Protection Officer, Dentsu international, Regent’s Place, 10 Triton Street, Regent’s Place, London, NW1 3BF
Email: DPO@dentsu.com

1.8.2) The Philippine Data Protection Officer:
Address: G/F United Life Building, 837 A. Arnaiz Ave., Makati City, Philippines
Email: ph.dpo@dentsu.com


2.) Unenforceable provision in Dentsu’s Privacy Notice. Paragraph 3 of the Privacy Notice states, “The Notice is intended to tell you how we use personal information but is not intended to create a contract with you.” This clause may not be enforceable in the Philippines, especially where the lawful basis relied upon is the consent of the data subject. Under NPC Circular No. 2023-04, the data subject’s acceptance of the provisions of the consent form creates a contract between the data subject and a controller on the terms of processing of the personal data. As such, in case of a complaint, Dentsu may not be able to raise the provision under Paragraph 3 to disclaim any liability arising from processing of personal data outside the parameters set out in the Privacy Notice.

Poland

Portugal

Romania

Singapore

    1. The ‘grounds for processing’ set out in the Privacy Notice are not necessarily grounds for processing under Singapore privacy laws.
    2. If we are unable to collect personal information that we seek, our ability to fulfill the purposes of processing your personal information, as outlined in the Privacy Notice, may be limited. In some cases, this may impact our ability to hire or retain you for a role, or result in disciplinary action or reallocation of your duties.
    3. We do not collect Singapore National Registration Identification Card (“NRIC”) number from job applicants unless and until the individual has accepted an offer of employment.

Slovakia

Sri Lanka

Read the Sri Lanka People Privacy Notice here.

Sweden

Switzerland

Read the Swiss (French) and Swiss (German) People Privacy Notices here.

Taiwan

按兩下此處閱讀繁體中文的People隱私聲明。

  1. The ‘grounds for processing’ set out in the Privacy Notice are not necessarily grounds for processing under Taiwan privacy laws.
  2. It is obligatory for you to supply the data. If we are unable to collect personal information that we seek, our ability to fulfil the purposes of processing your personal information, as outlined in the Privacy Notice, may be limited. In some cases, this may impact our ability to hire or retain you for a role, or result in disciplinary action or reallocation of your duties.


  1. 隱私聲明中提到的“處理依據”不一定符合台灣相關隱私法律的規定。
  2.  您必須提供相關資料。如果我們無法獲取所需之個人資料,可能會限制我們達成隱私聲明中所述處理您個人資料目的之能力。在某些情況下,這可能會影響我們能否聘用或保留您職位,甚至可能將導致紀律處分或職務調動。

Thailand

Read the Thai (English) People Privacy Notice here.

Turkey

United Kingdom & Ireland

USA

Read the US People Privacy Notice here.

Vietnam

Nhấp vào đây để đọc Thông báo về quyền riêng tư của mọi người bằng tiếng Việt.

  1. The ‘grounds for processing’ set out in the Privacy Notice are not necessarily grounds for processing under Vietnam privacy laws.
  2. Amendment to Section 8 “Your rights”

    The title of this section is revised to “Your rights and your obligations

    A new paragraph is added at the end of this Section 8 as follows:

    Additionally, you may have several obligations in relation to your Personal Data, subject to the applicable privacy law of the market you are in, including:
              • Protect your own personal data; request relevant organisations and individuals to protect your personal data.Respect and protect others’ personal data.
              • Fully and accurately provide your personal data when you consent to the processing.
              • Participate in dissemination of personal data protection skills.
              • Comply with regulations of law on protection of personal data and prevent violations against regulations on protection of personal data.
  3. Addition of a new Section 11 “Unwanted consequences and damage that may occur”

    A new Section 11 is added at the end of Section 10, as follows:

    “We are not aware of, nor can we identify, any potential unwanted consequences or damage that may arise during the processing of your personal data. Notwithstanding our ongoing efforts to evaluate and implement appropriate security technologies and methodologies in the maintenance and development of our software and systems, it is important to note that, due to the inherent nature of cyber threats, the risks associated with them cannot be entirely eliminated.”


  1. Các “căn cứ xử lý” được nêu trong Thông báo về quyền riêng tư không nhất thiết là các căn cứ xử lý theo pháp luật về bảo vệ dữ liệu cá nhân của Việt Nam.
  2. Sửa đổi Mục 8 “Quyền của bạn”

    Tiêu đề của Mục này được sửa đổi thành: Quyền và nghĩa vụ của bạn”

    Một đoạn mới được bổ sung vào cuối Mục 8 như sau:
    Ngoài ra, bạn có thể có một số nghĩa vụ liên quan đến Dữ liệu Cá nhân của mình, tùy thuộc vào pháp luật bảo vệ dữ liệu cá nhân hiện hành tại nơi bạn đang sinh sống hoặc làm việc, bao gồm:
    Tự bảo vệ dữ liệu cá nhân của mình; yêu cầu các tổ chức, cá nhân có liên quan bảo vệ dữ liệu cá nhân của bạn.
              • Tôn trọng và bảo vệ dữ liệu cá nhân của người khác.
              • Cung cấp đầy đủ và chính xác dữ liệu cá nhân của bạn khi bạn đồng ý cho việc xử.
              • Tham gia phổ biến, tuyên truyền kỹ năng bảo vệ dữ liệu cá nhân.
              • Tuân thủ quy định của pháp luật về bảo vệ dữ liệu cá nhân và ngăn chặn hành vi vi phạm quy định về bảo vệ dữ liệu cá nhân.”
  3. Bổ sung Mục 11 mới “Hệ quả không mong muốn và thiệt hại có thể phát sinh”

    Một Mục 11 mới được bổ sung vào sau Mục 10, như sau:

    “Chúng tôi không nhận biết được, cũng như không thể xác định bất kỳ hệ quả không mong muốn hoặc thiệt hại nào có thể phát sinh trong quá trình xử lý dữ liệu cá nhân của bạn. Mặc dù chúng tôi luôn nỗ lực đánh giá và triển khai các công nghệ và phương pháp bảo mật phù hợp trong quá trình vận hành và phát triển phần mềm và hệ thống của mình, cần lưu ý rằng do bản chất vốn có của các mối đe dọa mạng, các rủi ro liên quan không thể được loại bỏ hoàn toàn.”