Our Policy Statement of Processing of Personal Data
We, Mutual Corporation, recognize the importance of personal data and process such information from customers and relevant persons in compliance with the relevant applicable rules and laws on the personal data based upon the following principles.
Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject. Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed as well as accurate and, where necessary, kept up to date.
Personal Data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
Personal Data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
This Policy Statement is to demonstrate our compliance with General Data Protecting Regulation promulgated by European Union (“GDPR”) and other regulations applicable to the relevant personal data.
The term of the “personal data” means any information relating to an identified or identifiable natural person (“data subject”) and the term of the “process” or “processing” means any operation or set of operations which is performed on personal data or on sets of personal data such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- 1. Purpose of Process of Personal Data
We have engaged business of machine manufacturing, sales, import, export, installation, maintenance, engineering and all the other related activities. For all the personal data, whether GDPR is applicable, we process the personal data for the purposes to:
- Provide information on our company group, our products or services and all the other information related to our business or business activities, including the information on campaigns and exhibitions using telephone, internet, facsimile, e-mail, mail or other appropriate media, where necessary or appropriate, sending brochures, pamphlets, samples or other materials;
- Receive customer responses, evaluation, opinions or surveys to our company group, business or existing or prospective products or services, including sending questionnaires or other appropriate materials; or
- Communicate with data subject for discussions, follow-ups, answer to the questions or demands, dispute resolution and other necessary for our business activities (including recruitment and other human resource activities as well as investor relation activities)
Where we have collected the personal data (except based upon “consent” where the consent determines the manners of the processing), we will not process the personal data for other purpose not compatible with the purpose for which the personal data is initially collected. In considering the compatibility of the purpose, various factors will be referred and determined.
Notwithstanding foregoing, where the applicable rules and laws permits, we will process the personal data if it is necessary:
- to protect the vital interests of the data subject or of another natural person
- for the performance of a task carried out in the public interest or
- for the performance of the public obligation ordered or required by the administrative agency or judicial institute.
The purposes described above is projected to meet the requirement of the public notice under the Personal Information Protection Act of Japan (Heisei 15 Year Legislative No57) or other rules and laws that require the similar public notice.
- 2. Manner of Collection
We generally collect the personal data as it is necessary for the purposes of the legitimate interests pursued by us.
However, in collecting the personal data, where we do not have the lawful basis other than “consent” under the applicable rules and laws, we collect the personal data after provision of the below information to the data subject, unless the data subject already has the information (the same is true when the personal data has been provided from the third party other than the data subject):
- the identity and the contact details of us,
- the purposes of the processing for the personal data and legal basis of the processing,
- the personal data may be transferred to Japan,
- the period for which the personal data will be stored or the criteria used to determine that period,
- the right to access to and rectify or erase the personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability to the extent permitted by GDPR,
- the right to withdraw consent to the extent permitted by GDPR,
- the right to lodge a complaint with a supervisory authority,
- whether the provision of the personal data is statutory or contractual requirement and possible consequences for failure to the personal data,
Where the personal data has been collected by exchange of the business cards at fairs, exhibitions or other business settings or by other methods inviting the business communication from us, we collect and record the information such as name of the person and contact method (such as e-mail address, phone number etc) , name of the company or other business information.
It is our understanding that the personal data provided to us in such occasions is reasonably expected to be recorded in our system and used for the purpose described in paragraph 1 “Purpose of Process of Personal Data” of this Policy Statement, which will satisfy the legitimate interests of the data subject and us. Where practically feasible such as collection of the personal data via our website, we will request the data subject to click the words of “I agree” when the data subject provides the personal data with us, so that we can make sure the data subject has agreed to the processing in accordance with this Policy Statement.
If the data subject who has received the communication from us has made an objection to such use of the personal data by us, we will not process the personal data any further, except to the extent that we have the legal basis on which we can rely for processing of the personal data.
The data subject has the right to withdraw his or her consent at any time in any manner as long as such notice of withdrawal has duly communicated the necessary facts to us, including name of the data subject and address. We recommend the below e-mail address for the communication for notice of the withdrawal and we may reply to the e-mail for further information to confirm the identity of the data subject or any other information where necessary or appropriate.
Mutual Data Protection Team
Contact E-mail Address: firstname.lastname@example.org
- 3. Security and Notice of Personal Data Breach
- Security of Personal Data
In order to minimize the risk of accidental leak, damage, loss or tampering and unauthorized access with respect to the personal data, we have implemented appropriate security measures on hardware and software which will be reviewed and updated where necessary. In addition, we also have provided the employees with education and training program on personal data protection. For the personal data collected from our website, we use the SSL technology which encrypts the data transmitted via the website.
We are using the service named “Google Analytics” provided by Google, Inc. to gather general information which does not identify the data subject. Analysis may be conducted through a generated text file “Cookie,“ and customer information such as IP address may be collected by Google, Inc. We assume that you have given your consent to Google Inc. for the processing. Links to other websites may also exist on our website; however, we are not responsible for the protection of personal data where you have accessed to the linked websites.
- Personal Data Breach
Regardless of any security measures taken by us, breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed (“personal data breach”) may happen.
In the case of a personal data breach, we will without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with the relevant applicable rules and laws, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, we will communicate, unless disproportionate efforts are required, the personal data breach to the data subject without undue delay in accordance with the applicable rules and laws.
- 4. Date Transfer
- The personal data is transferred and recorded in our system located in Japan.
- Merger or Sale of Business
In the event that our business has been sold to or merged with other company, the personal data concerning the business will be transferred to the other company. At the negotiation phase of such transactions, the personal data will be disclosed only to the extent necessary to the other company based upon the confidentiality agreement. We will close the transaction when we have a reasonable belief that the other company has appropriate security measures for protection of the personal data, that the data subject will not have substantive disadvantage or damage for the transaction and that the other company will process the personal data in compliance with the applicable laws.
- Transfer Among Group Companies and Related Persons
Where the personal data is collected at the business settings and we can understand that the personal data is reasonably expected to be processed for introduction of the business (i.e. the products and services of us and/or third parties) of our affiliated companies, our distributors, our agents, our joint venture companies and third parties (“Related Persons”) who are dealing with the products or services with us, we will process the personal data so that the Related Persons may provide the data subject with the information described at the paragraph 1 “Purpose of Process of Personal Data” of this Policy Statement .
If the data subject who has received the communication from the Related Persons has made objection to the processing of the personal data by the Related Persons, we will not have the Related Persons process the personal data, unless we can rely on other legal base for processing of the personal data.
- 5. Processing by Other Processors
Where processing is to be carried out by a third party on behalf of us (“processor”), we use the processor providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of the relevant rules and laws and ensure the protection of the rights of the data subject.
In such case, we will have an appropriate agreement with the processor, specifying the terms requested by the applicable laws, including the terms on confidentiality, no-use of another processor without consent and required level of the technical or organizational measures.
- 6. Complaint about Personal Data
We have appointed appropriate staff with management support to oversee and ensure compliance with the GDPR.
The data subject may send complaints in writing by contacting the Mutual Data Protection Team at email@example.com or other e-mail address notified at our website from time to time.
After receiving the complaint, the Data Protection Team will send an acknowledgement of receipt within one week to the data subject. The confirmation may include further questions necessary for the clarification of the issues.
The Data Protection Team will provide an answer to the data subject as soon as reasonably practicable, but no later than one month upon receiving the complaint. If, due to complexity of the complaint, response within one month proves to be difficult, the data subject will be notified with a reasonable estimate of the timeframe, but not exceeding two months from the notice.
- 7. Changes to the Policy Statement
We may revise or update this Policy Statement from time to time. Any changes we may make concerning our Policy Statement in the future will be posted on our webpage.
- 8. Contact
Contact E-mail Address: firstname.lastname@example.org