Kuraray Co., Ltd. and its group companies listed in Exhibit 1 attached hereto (hereinafter collectively, the “Kuraray Group”) are highly conscious of the importance of personal information. The Kuraray Group has established the following policies to safeguard personal information.
1. Management of personal information
- The Kuraray Group has appointed personal information managers in each organization that treats personal information. These managers are responsible for the security of personal information collected by their organizations.
- The Kuraray Group strives to prevent unauthorized access, leaks, or loss of personal information to ensure the security of personal information.
2. Use of personal information.
When the Kuraray Group collects personal information, the Kuraray Group will clearly specify the purpose of use, and the personal information will be used only for such purpose as specified. A data subject may refuse to provide its personal information at its discretion. The purpose of use of personal information is as follows;
- Customers, suppliers or vendors: business communications, providing information on services and products offered by the Kuraray Group,
- Shareholders: to allow execution of shareholders’ rights under the corporation law, to provide information and/or services to shareholders, administration of the shareholder registry,
- Job applicants: communication necessary for recruitment,
- Response to inquiries from the data subject, or
- Other purposes specifically informed to the data subject.
The Kuraray Group may, to the extent necessary for the purpose (1) or (4) mentioned above, share personal data (address, name, company name, telephone number, e-mail address, etc.) within the Kuraray Group.
3. Disclosure to third parties.
Except as stipulated below, the Kuraray Group will not release personal information to third parties. Providing information to contractors or affiliate companies by legitimate means is not considered as disclosure to third parties;
- With the explicit permission from the data subject,
- As required by law,
- When the provision of personal information is necessary for the protection of the life, body, or property of an individual and it is difficult to obtain the consent of the person,
- When the personal information is necessary for a state or local government in executing the affairs prescribed by laws and regulations and obtaining the consent of the person are likely to impede the execution of the affairs,
- When personal information is appropriately edited as statistical data by which the data subject cannot be identified, or
- When personal information is transferred in consequence of a merger, amalgamation or other corporate reorganization,
4. Changes in personal information.
A data subject has right to request to disclose, correct, add, delete, discontinue using, or erase its personal information the Kuraray Group has. The Kuraray Group will comply with these requests only after verification of the identity of the requestor. Inquiries with regard to personal information will be directed to the department to which the data subject provided its personal information. In the case that a data subject is not sure where to contact, inquiries may be accepted at:
Handling of Personal Information of Residents of the EEA
1. Purpose of use and Legal basis under GDPR for processing the personal data which the Kuraray Group processes;
- Customers, suppliers or vendors: business communications, providing information on services and products offered by the Kuraray Group. Legal basis: Consent of the data subject (GDPR Art.6(1) a) or Legitimate interest (GDPR Art.6(1) f)
- Response to inquiries and requests from the data subject. Legal basis: Consent of the data subject (GDPR Art.6(1) a) or Legitimate interest (GDPR Art.6(1) f)
2. When the Kuraray Group transfers personal data to its group companies or contractors listed in Exhibit 1 attached hereto, the personal data may be transferred to the counties outside the EEA. The Kuraray Group will transfer personal data only to the extent;
- the transfer to a country may take place where the EU Commission has decided that the country ensures an adequate level of protection of personal information (GDPR Art. 45),
- the transfer to a third party with whom the Kuraray Group executed the standard data protection clauses approved by the EU Commission (GDPR Art. 46.2）, or
- the transfer takes place on one of the conditions listed in GDPR49.1.
3. The Kuraray Group will store personal data for the appropriate period determined based on the criteria of the respective statutory retention period. After expiration of the period, the corresponding data no longer necessary will be deleted in accordance with the respective retention policy.
4. A resident of the EEA has the following rights in connection with his/her own personal data handled by the Kuraray Group;
- access (disclosure),
- restriction of processing,
- data portability,
- object to processing, and
- withdrawal of data processing consent.
The Request Form is attached hereto as Exhibit 2.
6. Contact information of the Data Protection Officer of the Kuraray Group in EEA:
- Kuraray Europe GmbH
- Philipp-Reis-Strasse 4
- 65795 Hattersheim / Germany
- Attn: Data Protection Officer
- Email: firstname.lastname@example.org
- Tel: +49-69-305-85358