1. Policy for Handling Personal Information
Acknowledging the importance of protecting personal information in today's advanced information-communications society, Nikkiso Co., Ltd. ("Nikkiso") and its domestic Group Companies ("Nikkiso Group") will endeavor to protect the personal information that Nikkiso Group handles in accordance with the policy provided below.
- (1) Compliance with laws and regulations and development of Internal Rules
Nikkiso Group will comply with laws and regulations concerning the protection of personal information. In order to implement this policy of the compliance ("Policy"), Nikkiso Group has developed this Policy, the "Internal Rules on Personal Information Protection," and other relevant rules and regulations, and has ensured that directors, audit & supervisory board members, officers and employees of Nikkiso Group and all those concerned (collectively "Officers and Employees, etc.") are familiarized with these, and will enact, maintain, and continuously improve them.
- (2) Collecting personal information
Nikkiso Group will collect personal information in a legitimate and fair manner.
- (3) Using personal information
- Nikkiso Group will use personal information within the purpose of use as presented upon collection thereof, to the extent necessary to carry out business operations.
- When sharing personal information with a third party or commissioning a third party to handle personal information, Nikkiso Group will conduct impartial investigations into the third party and perform proper supervision to ensure confidentiality is maintained.
- (4) Providing personal information to a third party
Nikkiso Group will not provide personal information to a third party without prior consent from the person concerned, unless otherwise required by law.
- (5) Measures for safe management of personal information
- Nikkiso Group will maintain the accuracy of personal information, and manage such information safely.
- Nikkiso Group will take proper security measures against unauthorized access and computer viruses, in order to prevent personal information from being lost, destroyed, falsified, or leaked.
- Nikkiso Group will not leak personal information by transmitting or carrying it outside our premises, etc.
- (6) Organizations and systems
- Nikkiso Group has appointed a Personal Information Protection Administrator to implement proper management of personal information.
- Nikkiso Group has provided the Officers and Employees, etc. with training on the protection and proper management of personal information, thereby ensuring appropriate handling of personal information in daily activities.
- (7) Disclosing, correcting, suspending the use of and deleting personal information
Acknowledging that a person owns the right to request disclosure, correction, suspension of use, or deletion of his or her personal information, Nikkiso Group will respond promptly to such requests.
- (8) Sharing Personal Information
Nikkiso may share customer information as follows:
- Details of customer information (including personal information) to be shared
- a. Name, address, telephone number, email address and name of organization customer is affiliated with
- b.Historical record of exhibitions, seminars etc. customer has attended
- c. Historical record of negotiations about or purchase of Nikkiso Group products ("Products") customer has been involved in
- Scope of users to share customer information
- Nikkiso Group, and its distributors and representatives
- Purposes of sharing by users
- a. Contact with customers
- b. Tasks and work involved in sales and maintenance of Products
- c. Providing information about exhibitions, seminars and services for Products
- d. Collecting information about the quality of Products and providing feedback for research and development, etc.
- Party responsible for management of customer information
Companies comprising Nikkiso Group
2. Policy for Handling Specific Personal Information
Nikkiso Group has set and implemented this policy to ensure the proper handling of specific personal information and personal numbers (collectively "Specific Personal Information") as an organization in accordance with the "Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures" ("My Number Act").
- (1) Compliance with related laws and regulations, and guidelines
Nikkiso Group will properly handle the Specific Personal Information in compliance with the My Number Act, the "Act on the Protection of Personal Information," and the "Guidelines for Proper Handling of Specific Personal Information (for Business Operators)," Nikkiso Group will properly handle the Specific Personal Information.
- (2) Purpose of use
Nikkiso Group will use the Specific Personal Information for the following purposes:
|"Personal Number-related Affairs" (including affairs-related to the matters listed on the right) pertaining to the Officers and Employees (including dependents)||Declarations and notifications, etc. pertaining to tax withholding|
|Declarations and notifications, etc. pertaining to resident tax|
|Declarations and notifications, etc. pertaining to social insurance and labor insurance|
|Preparation and provision, etc. of statutory documents concerning financial instruments transactions pertaining to stock ownership associations (affairs related to the entrusting of business by stock ownership associations to Nikkiso Group)|
|Notifications, claims, and provision of services, etc. pertaining to corporate pensions|
|Declarations and notifications as well as application form preparation, etc. pertaining to housing fund savings and pension savings|
|Preparation, etc. of payment records for each recipient of a retirement allowance, etc.|
|Preparation, etc. of payment records of salaries, etc. pertaining to non-residents|
|"Personal Number-related Affairs" (including affairs-related to the matters listed on the right) pertaining to the spouses of the Officers and Employees||Notifications, etc. of third insured persons of the national pension
|"Personal Number-related Affairs" (including affairs-related to the matters listed on the right) pertaining to individuals other than the Officers and Employees||Preparation, etc. of payment records of remuneration and fees, etc.|
|Preparation, etc. of payment records of distributions of dividends and surpluses as well as interest on funds|
|Preparation, etc. of payment records of rent, etc. for real properties|
|Preparation, etc. of payment records of considerations for inheriting real properties, etc.|
- (3) Matters concerning security control measures
To prevent the leakage, loss, falsification or damage, etc. of Specific Personal Information as well as the management thereof, Nikkiso Group has implemented the necessary and proper security control measures. Nikkiso Group also performs the necessary and proper supervision of employees and the outsourced contractors (including subcontractors, etc.) that handle Specific Personal Information. Matters concerning the security control measures for Specific Personal Information have been specifically set forth in the "Detailed Rules for Handling and Use of Specific Personal Information," and the "Manual for Handling Specific Personal Information," separately.
3. Policy for Handling Personal Data to which GDPR is applied
- (1) Compliance with laws and regulations
Nikkiso Co., Ltd. (the “Company”) and the Company’s affiliates (the “Nikkiso Group”) recognize that the protection of your personal data is of great importance. This Policy applies to the Company and all members of the Nikkiso Group.*
* If a certain company in the Company Group enacts its own policy and the policy provides that the terms of the policy supersedes the terms of this Policy, the terms of the above company’s policy are applied.
If EU and EU Member States regulations on data protection, in particular General Data Protection Regulation 2016/679 (the “GDPR”) are applied to you (referred to as “you” throughout this Policy), we process your personal data in compliance with GDPR. This Policy explains how we, as the data controller, obtain and process your personal data.
- (2) Collection of Personal Data
We may collect and use the following personal data, depending on your relationship with us.
|General Data Categories
|Specific Types of Data (Small Classifications)|
|1.Contact Information||Name, phone numbers, signatures, email addresses, physical addresses, birth date, job titles, gender, nationalities, proof of residence and other contact information.|
|2.Data Related to Transactions||Purchase, payment and other information obtained through transactions between us.|
|3.Requested Information and Website Use||The information you have requested, the pages you visit at our website, the items you view, information related to your interests in products or services and other information related to website use.|
|4.Data Related to Your Devices and Cookies etc.||Digital identifiers such as a device numbers, browsers, log-in, passwords, cookies and IP addresses.|
|5.Communications||Communications that you have with our personnel or customer service centers.|
|6.Image Data||Photographs, surveillance images, moving images and other image data.|
|7.Identification Numbers||Information for identity verification which are required by applicable laws etc. such as driver’s license, passport, national ID number, social security number and proof of residence.|
|8.Data Related to Application for Employment (where permitted by applicable laws)||Name, phone numbers, signatures, email addresses, physical addresses, birth date, job titles, gender, nationalities, other contact information, professional qualifications, previous work experience, education level, competencies and skills, current base compensation, personal interests, information contained in your social media accounts or personal websites or accounts (e.g. Twitter), Curriculum vitae, résumé, any information obtained through the recruitment process (e.g. assessment of your ability) and any other information you may wish to provide to us as part of your application.|
|9.Data Related to Health Status of patients who use our medical products||Health status and physical characteristics.|
|10.Data Related to Violation of Laws||Any data related to legal disputes/violation of laws.|
|11.Other Personal Data Related to Statutory Provisions||Personal data required pursuant to statutory provisions.|
- (3) Legal Basis for Processing / Categories of Personal Data Subject to Processing
We process the following categories of your personal data based on the legal basis provided for in the GDPR (Articles 6 and 7). The legal basis will depend on the personal data we collect from you. The examples of the legal basis are listed below.
- Your consent.
- Performance of a contract to which you are a party.
- Compliance with our legal obligations.
- Our legitimate interest.
In many cases, the legal basis will be to pursue our legitimate interests. For details regarding the legitimate interests, please inquire using the contact details at the end of this Policy.
Further, we may process your personal data of a sensitive nature, including your religious beliefs and health status, in accordance with special criteria provided for in the GDPR (Articles 9 and 10) and only to the extent permitted by applicable laws.
We obtain and process the following categories of your personal data types of which are listed in the above (2) of this Policy for the following purposes.
|Categories of Personal Data||Purposes|
|1.Personal Data of Customers||
|2.Personal Data of Government Office Workers and Civil Servants||Communicating with competent government authorities for operation of business.|
|3.Personal Data of Employees of Business Partners including suppliers and distributors||Communicating with the partners for operation of business or conducting projects.|
|4.Personal Data Consigned from Business Partners||Safekeeping and handling personal data on behalf of the partners.|
|5.Personal Data of Doctors and Other Personnel Working at Medical Institutions||
|6.Your Personal Data of Who Contact Our Call Centers, Public Relations Departments or Other Contact Persons||
|7.Personal Data of Applicants for Employment||
|8.Personal data of patients who use our medical products||
|9.Purposes Related to the Above 1.- 8.||
As stated in the below (7) of this Policy, you have the right to withdraw your consent to the processing of your personal data at any time by using the contact details at the end of this Policy. However, your withdrawal of consent will not affect the legality of processing conducted based on your consent before its withdrawal.
We do not conduct any decision-making based solely on automated processing, including profiling, that produces any legal or similar material effects on you.
We will notify you separately, if the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as the possible consequences of failure to provide such data.
As for personal data related to our human resources department, this Policy is applied only to personal data of applicants for employment and not applied to personal data of employees already hired by us. The privacy notice (Article 13 and 14 of GDPR) for the hired employees are separately provided by us.
- (4) Sources of Personal Data
We obtain your personal data directly from you or indirectly through third parties such as those stated below:
Business Partners; data brokers; employment agencies; hospitals; medical institutions; or public sources such as social media accounts and personal websites or accounts.
- (5) Retention Period for Personal Data
We will retain your personal data for as long as necessary to fulfill the aforementioned purposes for obtaining and processing your personal data. Specific retention periods are decided based on the following considerations: the purpose for obtaining and processing the personal data; the nature of the personal data; and the necessity of retaining the personal data for legal or business reasons.
- (6) Sharing and Disclosure of Personal Data
We share and disclose your personal data to the following third parties in accordance with the GDPR for the purposes stated in this Policy.
- Companies in the Nikkiso Group and their employees. (URL: https://www.nikkiso.com/company/location/group.html)
- Suppliers and other business partners with whom we have a business relationship and who provide products and services to us in relation to your personal data (such as marketing, data analysis, event management, warehousing, delivery, support and maintenance etc.).
- Our distributors, sales agents, hospitals, medical institutions, insurance companies, business partners who are involved in the business or work related to your personal data.
- Third-party service providers which provide compliance-related system, DMS, ERP system including online recruitment system and other IT-related service in relation to your personal data.
- Payment processing companies.
- Employment agencies.
- Legal or other professional advisers and auditors.
- In the event that we sell any business assets, personal information may be disclosed to a potential buyer.
- Police and competent government authorities when it is necessary to comply with legal obligations, including where an obligation arises as a result of a voluntary act.
- Third parties when it is necessary for some other justifiable reasons that are permitted by applicable laws and regulations.
As a result of the aforementioned sharing and disclosure, in some cases your personal data will be transferred to the third countries outside the European Economic Area where a Nikkiso Group is located. The third countries can be found at the website (URL: https://www.nikkiso.com/company/location/group.html).
In such a case, we will implement appropriate safeguards by executing with the transferee the standard data protection clauses (Article 46(2)(c) and (5) of the GDPR) approved by the European Commission. If you wish to receive a documentation related to these safeguards, please inquire using the contact details at the end of this Policy.
- (7) Your Rights
You have the following rights regarding personal data obtained and processed by us.
- Obtaining information regarding processing of data
You have the right to obtain from us all the requisite information regarding our data processing activities that concern you (Articles 13 and 14 of the GDPR).
- Access to personal data:
You have the right to obtain from us confirmation as to whether personal data concerning you are being processed, and, if so, then access to the personal data and certain related information (Article 15 of the GDPR).
- Rectification or erasure of personal data:
You have the right to have us rectify inaccurate personal data concerning you without undue delay and the right to have us complete any incomplete personal data (Article 16 of the GDPR). Also, if certain conditions are satisfied, you will have the right to have us delete personal data concerning you without undue delay (Article 17 of the GDPR).
- Restriction on processing of personal data:
If certain conditions are satisfied, you will have the right to have us restrict processing of personal data concerning you (Article 18 of the GDPR).
- Objection to processing of personal data:
If certain conditions are satisfied, you will have the right to object to processing of personal data concerning you (Article 21 of the GDPR).
- Data portability of personal data:
If certain conditions are satisfied, you will have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format and the right to transfer those data to another controller without hindrance from us (Article 20 of the GDPR).
- Not to be subject to automated decision-making:
If certain conditions are satisfied, you will have the right not to be subject to decision-making based solely on automated processing, including profiling, that produces any legal or similar material effect on you (Article 22 of the GDPR).
If you intend to exercise any of the aforementioned rights, please inquire using the contact details at the end of this Policy.
You can lodge a complaint in relation to our processing of your personal data with the Data Protection Supervisory Authority of the Member State of your habitual residence, place of work or place of the alleged infringement.
- Obtaining information regarding processing of data
- (8) Amendment to this Policy
We may amend this Policy from time to time. We will contact you through this website, and where appropriate by email if we make any substantive or material amendments.
For questions or inquiries regarding this Policy, please contact the Inquiry Counter of the company of Nikkiso Group to which you provided the personal information, specific personal information or personal data. Nikkiso Co., Ltd.’s contact details are as follows.
Nikkiso Co., Ltd.
20-3, Ebisu, 4-Chome, Shibuya-ku, Tokyo 150-6022, Japan