Personal Information Protection Policy
1. Policy on the Protection of Personal Information
In light of the usefulness of personal information and specific personal information, etc. (individual numbers and personal information that includes individual numbers in its contents; hereinafter the same) in an advanced information and telecommunication society, Sumitomo Riko Company Limited (hereinafter referred to as "the Company") protects personal information in the acquisition, use, provision to third parties, storage, and disposal of personal information and specific personal information, etc. as part of its compliance activities based on the following policies.
The Company will work to protect personal information and specific personal information as an important management issue for itself, and as the parent company, shall guide and supervise the development of the management system of each group company.
- (1) In order to ensure the appropriate handling of personal information and specific personal information, etc., the Company has established a basic policy stating that it shall comply with the "Act on the Protection of Personal Information," the "Act on the Use of Numbers to Identify a Specific Individuals in Administrative Procedures," and related laws and regulations.
- (2) Personal information and specific personal information shall be obtained in a legal, fair, and transparent manner. In addition, the Company shall clarify the purpose of use and shall not use the information for any other purpose.
- (3) The Company shall establish regulations on how to handle personal information and specific personal information, as well as on the persons in charge and their duties. Also, the Company shall manage personal information and specific personal information, etc., taking into consideration their importance, purpose of use, and method of use, and the Company shall continue to implement initiatives to improve management by periodically checking the appropriateness and sufficiency of management.
- (4) The Company shall respond in good faith to requests from individuals to disclose, correct, delete, or suspend the use of their personal information and specific personal information. However, this shall not apply in the event of a violation of laws and regulations.
- (5) To prevent leakage, loss, falsification, damage, use for purposes other than those for which the information is intended, and other inappropriate handling of personal information and specific personal information, etc., the Company shall take safe control measures to handle personal information and specific personal information, etc., accurately and appropriately, as described below.
①Organizational Safety Control Measures
- In addition to appointing a person in charge of the handling of personal information and specific personal information, etc., the Company has clarified the employees who handle personal information and specific personal information, etc., and the scope of personal information and specific personal information, etc., handled by such employees, and have established a system for reporting and contacting the person in charge when facts or signs of violations of laws or handling regulations are identified.
②Physical Safety Management Measures
- The Company regularly provide training to our employees on matters related to personal information protection and information security, and the Company has also included matters related to employee confidentiality in our employment regulations to ensure that all employees are aware of them.
③Physical Safety Management Measures
- In areas where personal information and specific personal information are handled, the Company has implemented measures to control employee access, restrict the use of equipment, and prevent unauthorized persons from viewing personal information.
- The Company has taken measures to prevent the theft or loss of equipment and electronic media that handle personal information and specific personal information, etc., as well as measures to prevent personal information and specific personal information, etc., from being easily revealed when such equipment and electronic media are carried.
④Technical Safety Management Measures
- Access control is implemented to limit the scope of personnel in charge and personal information databases, etc. handled, and information systems for handling personal information and specific personal information, etc. are introduced to protect against unauthorized access from outside or unauthorized software.
⑤ Understanding the External Environment
- The Company implement safety management measures based on an understanding of the systems for the protection of personal information in foreign countries where our overseas bases are located.
- (6) In the event that the Company outsource the processing of personal information or specific personal information to a third party, the Company shall appropriately supervise the third party to ensure that the personal information or specific personal information is securely managed.
- (7) If it is found that personal information or specific personal information is not being handled appropriately, or if there is a possibility that this may be the case, the Company shall promptly notify the individual concerned and make a sincere effort to investigate the cause of the problem and prevent its recurrence.
2. Contact for Inquiries
The Company has established the following contact for inquiries regarding personal information management.
General Affairs Department, Sumitomo Riko Company Limited
TEL: 052-571-0235 (Business hours: 9:00-17:00 on weekdays)
JP Tower Nagoya, 1-1-1 Meieki, Nakamura-ku, Nagoya-shi, 450-6316
Handling of Personal Information
1
The Company shall use personal data (as defined below) obtained from our customers, business partners, etc. for our business activities such as automobile related business, electronics business, industrial materials business, living environment business and health and nursing care business within the scope defined below.
Personal Information
Personal information is any information about a natural person (individual) who has been identified or can be identified. It includes names, addresses, telephone numbers, e-mail addresses, and other information that can be used to identify the individual concerned. Personal information also includes information that cannot be used to identify an individual by itself, but can be easily cross-checked with other information to identify an individual as a result.
(1) Personal Information regarding Customers
- - To provide and propose various information such as product information and campaign information about our products, products of our affiliates, and services as well as provision of other information, proposal and sending of various materials such as catalogs, etc.
- - Sales and provision of the Company and our affiliates' products and services, and support services such as maintenance.
- - Planning, research, development, and quality improvement of products and services handled by the Company
- - Sales and marketing of products and services, etc.
- - Marketing activities to develop new business partners for the Company's products, services, etc. by analyzing acquired browsing history, etc.
- - Provision of information on seminars, exhibitions and events
- - Responding to inquiries and consultations
- - Implementation of questionnaire surveys, analysis, and business utilization of analysis results
- - Implementation of other operations related to the above
(2) Personal Information regarding Shareholders
- - Exercise of rights and performance of obligations under laws and regulations
- - Provision of various services as an issuer
- - Implementation of various shareholder policies
- - Management of shareholders, including preparation of data in accordance with various laws and regulations
- - Implementation of other activities incidental or related to the above
(3) Information regarding executives and employees of each of our business partners
- - Various business communication and negotiations, etc. necessary for business
- - Business partners’ information management, expenditure and revenue management
- - Management related to contracts
- - Implementation of other activities incidental or related to the above
(4) Personal Information regarding Applicants for Employment
- - Sending of employment information to applicants and contact with them in connection with the selection process
- - Management of recruiting activities
- - Implementation of other activities incidental or related to the above
(5) Personal Information obtained in relation to the automobile introduction campaign system
- - Operation of the automobile introduction campaign and various communications
(6) Others
- - Other purposes of use as individually noticed or publicly announced
2
The Company shall share personal information such as address, name, company name, affiliation, position, telephone number, e-mail address, transaction information, and inquiry details with Sumitomo Riko Group companies to the extent necessary to achieve the purpose of use described in the preceding paragraph.
Person responsible for management of personal information
Sumitomo Riko Company Limited
3
The Company shall provide automobile manufacturers and dealers with personal information, such as the address, name, company name, telephone number, e-mail address, application details, etc. of purchasers and automobile dealer personnel obtained in connection with the automobile introduction campaign system.
4
For some of our products or services, the Company shall process personal information obtained from customers into pseudonymized information and use it for research and development, quality improvement, and improvement (e.g., processing data including personal information obtained from verification tests using our products into pseudonymized information and using it for research and development, quality improvement, and improvement of other products within our group).
5
The Company shall not provide the acquired personal information to any third party, except in the cases specific in the preceding paragraph or in any of the following cases
- (1) where it is necessary for protecting the life, body or property of humans, when the consent of the Person is obtained or when it is difficult to obtain a consent of the Person
- (2) When the provision of personal information is particularly necessary for improving public health or promoting the sound growth of children, and it is difficult to obtain the consent of the individual
- (3) When the provision of personal information is necessary for cooperating with a national agency, a local government, or a person or organization entrusted by either of the foregoing in executing affairs prescribed by laws and regulations, and when obtaining the consent of the individual is likely to impede the execution of such affairs
- (4) When required by other laws and regulations
- (5) When the consent of the individual concerned has been obtained in advance
- (6) When disclosing and providing personal information to a subcontractor within the scope necessary to implement the purpose of use
- (7) When the information is used jointly
- (8) When personal information is provided in connection with the succession of a business due to a merger, corporate separation, or business transfer
6
With regard to personal information subject to disclosure in the Company's possession, in principle, only the person himself/herself can make a request for notification of the purpose of use, disclosure, correction, addition or deletion of content, suspension of use, deletion, and suspension of provision to third parties. Please note that the Company may not be able to respond to changes in personal information when such changes require a large amount of money or when it is difficult to make other changes in personal information and we take alternative measures necessary to protect the rights and interests of the individual.
7
When responding to a request for disclosure, correction, deletion, or suspension of use of personal information, etc., the Company shall confirm the identity of the individual by using information that can identify the individual (name, address, telephone number, date of birth, e-mail address, etc.). However, the Company shall not be responsible if information that can identify an individual is obtained by someone other than the individual.
8
The Company shall handle personal data subject to the GDPR (EU's General Data Protection Regulation) obtained from residents of the European Union (for the purposes of this policy, including Iceland, Liechtenstein and Norway, hereinafter referred to as the "EU") as follows.
GDPR Privacy Policy
9
If you have any complaints or suggestions regarding the Company's handling of personal information, please contact us at the following address.
JP Tower Nagoya, 1-1-1 Meieki, Nakamura-ku, Nagoya-shi, 450-6316
General Affairs Department, Sumitomo Riko Company Limited
TEL: 052-571-0235 (Business hours: 9:00-17:00 on weekdays)
10
This website may automatically collect information using cookies, which are information files stored on your computer in order to make your visit to this website more comfortable. This does not infringe on your privacy, nor does it have any negative impact on your computer.
11
The Company may revise all or part of the contents of this policy as necessary. In the event of a revision, we shall announce the revision by posting it on the website.