Privacy Policy

KUMIAI CHEMICAL INDUSTRY CO.,LTD. (The “Company”) (information on our representatives and address is available here.) recognizes that companies have an important social responsibility to comply with the relevant laws, regulations, and the like including laws and regulations of each country regarding protection of personal information and to appropriately handle personal information, and will handle personal information appropriately in accordance with the Basic Policy on the Protection of Personal Information.

Ⅰ.Basic Policy on the Protection of Personal Information

1.Compliance with Laws, Regulations, Etc.

The Company will comply with the relevant laws and regulations of each country regarding the protection of personal information.

2.Use of Personal Information

The Company will use personal information only within the scope of the purposes of use when obtaining the personal information and only within the extent necessary for performing its operations.

3.Obtainment and Collection of Personal Information

When obtaining personal information, the Company will clearly state the purpose of use and will obtain such personal information upon obtaining the consent of our individual customers, our trading partners, or our shareholders (collectively, the “Individual”).

4.Provision of Personal Information to Third Parties

Except as permitted by laws and regulations, the Company will not provide personal information which it has collected to third parties without obtaining the consent of the Individual.

5.Security Control of Personal Information

The Company will take necessary and appropriate security control measures including measures for the prevention of unauthorized access to, divulgence of, or loss or damage of personal information.

6.Inquiry, Disclosure, Correction, or the like of Personal Information

If an Individual requests disclosure, correction, or the like of his or her personal information or makes inquiries, the Company will make efforts to handle such requests or inquiries as promptly as practicable in accordance with laws and regulations.

Ⅱ.DATA PRIVACY STATEMENT FOR GDPR

KUMIAI CHEMICAL INDUSTRY CO.,LTD. (The “Company”) fully respects the Act on the Protection of Personal Information (the Personal Information Protection Act) and other relevant laws and regulations, and the statement of intent of the EU General Data Protection Regulations (the “GDPR”) which proclaim that the appropriate protection of personal data is a fundamental human right, recognize the importance of protection of privacy, and will exercise its best efforts to protect and appropriately control the personal data of our individual customers, officers and employees of our corporate customers, our trading partners, or our shareholders who are located in the EU (collectively, the “Customer” or “you”).

In order to protect Customers’ personal data, the Company will comply with the applicable data protection regulations of the EU, the member states of EEA (European Economic Area), and the U.K., especially the General Data Protection Regulation 2016/679 (the GDPR) and the GDPR as it is incorporated into U.K. law by the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (the UK GDPR) (hereinafter the GDPR and the UK GDPR shall collectively be referred to as the “GDPR”), and will appropriately process the personal data of our Customers as follows.

1.The Categories of Personal Data which are Subject to the Processing of Personal Data

The Company will process (meaning any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means; this operation means acts such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction. The same applies below.) personal data of its Customers such as those prescribed below.

  • Information provided by a Customer in written form or through interviews or the like (such as name, age, gender, date of birth, nationality, place of birth, academic record, employment history, years of service, hobbies, preferences for luxury grocery items, food and beverages, the name of your current employer, department, title, company address, company phone number, company FAX number, company e-mail address, personal phone number, personal FAX number, and personal e-mail address).
  • Information for accurately responding to a Customer’s requests regarding dietary restrictions due to allergies, medical conditions, and religion when the Customer visits the Company (such as medical history, information concerning allergies, and religion).
  • Information obtained through cookies when a Customer visits the website (such as log files, IP addresses, and browsing history).
  • Information provided by a Customer by using the e-mail form on the contact us page of the Company through an internet browser (such as name, nationality, affiliation, e-mail address, and the content entered on the e-mail form).

2.Statutory or Contractual Requirement, or a Requirement Necessary to Enter Into a Contract

The provision of your personal data may be mandatory for various reasons, such as being a statutory or contractual requirement, or a requirement necessary when entering into a contract. If such personal data which must be provided is not provided,the Company may not be able to provide goods or services to or otherwise respond to the requests of the Customer.

3. Data Controller

Company will also ensure the accuracy of the personal data and take necessary security measures pursuant to its internal rules.

4.Purpose of Use of and Legal Basis for Processing Personal Data

The Company will process Customers’ personal data as a data controller. The Company will determine a person responsible for the control of data pursuant to the internal rules of the Company. The The Company will process the personal data of our individual customers based on the legal basis below in order to carry out the purposes listed below. For details regarding the balancing test where the legal basis for processing is for legitimate interests, please inquire with us as set out in the contact information prescribed in 13. below.

(1)To provide technical information regarding the use of the Company’s products: Performance of contractual obligations

(2)To collect and analyze information for the purpose of developing new products and enhancing services, and for marketing activities such as questionnaires: Legitimate interests

(3)To respond to inquiries or complaints concerning the Company’s products: Performance of contractual obligations when responding to a purchaser or prospective purchaser of the product; Legitimate interests in other cases

(4)For management of risks and to comply with laws and regulations: Compliance with legal obligations in the case of Union or Member State law of EU or U.K. law; Legitimate interests in other cases

(5)To ensure the security of and manage access to the facilities, systems, or website of the Company: Legitimate interests

(6)To improve and enhance the convenience of the Company’s website through analysis of browsing history and the like of the users: Legitimate interests (Consent when using cookies which are not strictly necessary)

(7)To conduct other operations incidental to the foregoing: the legal basis for processing of the items above will apply mutatis mutandis

The Company will process the personal data of officers and employees of our corporate customers in order to carry out the purposes listed below.

(1)To conduct business negotiations, to communicate for business purposes, and to provide information regarding the Company’s products and services: Performance of contractual obligations

(2)To prepare for interviews, informal conversations involving meals, or the like with the officers and employees of your company: Legitimate interests

(3)For management of risks and to comply with laws and regulations: Compliance with legal obligations in the case of Union or Member State law of EU or U.K. law; Legitimate interests in other cases

(4)To ensure the security of and manage access to the facilities, systems, or website of the Company: Legitimate interests

(5)To improve and enhance the convenience of the Company’s website through analysis of browsing history and the like of the users: Legitimate interests (Consent when using cookies which are not strictly necessary)

(6)To conduct other operations incidental to the foregoing: the legal basis for processing of the items above will apply mutatis mutandis

When the Company processes Customers’ personal data for purposes other than those prescribed above, the Company will notify the new purpose of use and other matters necessary under the law to Customers prior to such processing.

The Company will conduct processing of special categories of personal data of Customers based on the explicit consent of the Customer.

5.Sharing of Personal Data

The Company may, as necessary, jointly use with each domestic company of the Company group the name, address, telephone number, e-mail address, affiliation, department name, and details of Customer inquiries among personal data obtained by the Company. The purposes of use of a joint user are the same as the purposes of use stated in “4” above. The Company is responsible for controlling those personal data.

For the purposes stated in “4” above, the Company may share a Customer’s personal data with contractors to whom the Company delegates the creation and management of its website, in order to improve and enhance the convenience of the website.

6.Transmission of Personal Data

The Company may transmit a Customer’s personal data to Japan and the U.S. outside the EEA and the U.K. in relation to sharing personal data within the scope of “5.”
With regard to transmission of personal data to Japan, the Company will base such transmission on adequacy decision, and with regard to transmission of personal data to the U.S., the Company will execute standard contractual clauses (SCC) in accordance with Article 46, Paragraph 2, item (c) and Paragraph 5 of the GDPR. If you would like detailed information on those protective measures, please contact us as set out below.

7.Retention Period for Personal Data

The Company will retain a Customer’s personal data as long as it is necessary in order to achieve the purposes stated above, but will promptly erase them if it is no longer necessary. In order to determine an appropriate storage period for personal data, the Company will take into consideration the quantity, nature, and sensitivity of the personal data, the risk of potential damage from unauthorized use or disclosure of the personal data, the purposes for which the Company will process the personal data, and whether those purposes can be achieved by other means, as well as the applicable legal requirements.

8.Security Control Measures

Pursuant to the Basic Policy on the Protection of Personal Data and the internal rules on the protection of personal data, the Company will take measures for preventing unauthorized access to, or the leakage, loss, or damage of, personal data, as well as other necessary and appropriate security control measures.

(1)Formulation of basic policy

In order to ensure the proper handling of personal data, the Company has formulated a basic policy regarding compliance with the relevant laws and regulations, guidelines, and the like, a contact for handling questions and complaints, and other related matters, and has published the basic policy in “I. Basic Policy on the Protection of Personal Data.”

(2)Establishment of disciplines on the handling of personal data

The Company has formulated rules for the handling of personal data with regard to handling methods, a responsible person and person in charge, their duties, and other related matters for each stage, such as obtainment, use, storage, provision, deletion, and destruction.

(3)Organizational security control measures

The Company has established a person responsible for the control of personal data, and has developed a system to investigate the status of the control of personal data and to regularly organize personal data.

(4)Human security control measures

The Company provides regular education and guidance to its employees on matters to be noted regarding the handling of personal data. In addition, matters regarding the confidentiality of personal data are prescribed in the Work Rules.

(5)Physical security control measures and technical security control measures

In addition to keeping personal data on print media under lock and key, the Company has introduced a system to protect information systems that handle personal data on electronic media from unauthorized access from outside or unauthorized software. Pursuant to our internal rules on information security, the Company implements access control and relocates and destroys electronic devices and electronic media that handle personal data.

(6) Understanding of external environment

The Company will take security control measures based on an understanding of the systems for protecting personal data in countries where personal data is stored.

9. Customer’s Rights Pertaining to Processing of Personal Data

Under certain conditions prescribed by the Personal Information Protection Act, a Customer has the following rights to their retained personal data that the Company holds.

(1)Notification of purposes of use

(2)Disclosure

(3)Correction, addition, or deletion in regard to the contents

(4)Suspension of use

(5)Disclosure of a record on a third-party provision

(6)Suspension of third-party provision

Under certain conditions prescribed by the GDPR, a Customer also has the following rights to its personal data that the Company holds.

  • Obtainment of information relating to data processing: A Customer has the right to obtain from the Company all necessary information on its data processing activities related to the Customer (Articles 13 and 14 of the GDPR).
  • Access to personal data: A Customer has the right to obtain from the Company a confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data and the certain relevant information (Article 15 of the GDPR).
  • Rectification or erasure of personal data: A Customer has the right to obtain from the Company without undue delay the rectification of inaccurate personal data concerning them and has the right to have incomplete personal data completed by the Company (Article 16 of the GDPR). In addition, if certain conditions are met, a Customer has the right to obtain from the Company the erasure of personal data concerning them without undue delay (Article 17 of the GDPR).
  • Restrictions on processing of personal data: If certain conditions are met, a Customer has the right to obtain from the Company restriction of processing of personal data concerning them (Article 18 of the GDPR).
  • Objection to processing of personal data: If certain conditions are met, a Customer has the right to object to processing of personal data concerning them (Article 21 of the GDPR).
  • Data portability of personal data: If certain conditions are met, a Customer has the right to receive the personal data concerning them in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the Company (Article 20 of the GDPR).
  • Right to withdraw consent: A Customer has the right to withdraw their consent at any time by means separately designated when the Company obtains their consent. However, the Customer’s withdrawal of consent shall not affect the lawfulness of processing conducted based on consent before its withdrawal.

If you wish to exercise these rights, please contact us as set out below.

A Customer also has the right not to be subject to automated decision-making, including profiling, but the Company is not engaged in such processing.

In addition, a Customer may directly file a complaint regarding the processing of their personal data by the Company with the relevant supervisory authorities listed here if the Customer resides in the EEA or with the Information Commissioner's Office if the Customer resides in the U.K.

10.Sending Marketing Materials

If you wish to stop receiving information about our products or services and any other marketing materials, please contact us as set out below.

11.Use of Cookies

“Cookies” are small text files that are stored on the hard drive or mobile device of a website’s user. Cookies are created by a web server while a user is browsing a website, passed to the user’s computer or mobile device, and stored for future access. Cookies perform functions related to website browsing, and can enhance user convenience on websites by tailoring websites according to user settings and browsing. The Company’s website uses Google Analytics technology to obtain cookie data as a reference for improving services and providing services that are more suited to Customers’ interests and needs. For information on handling of data in Google Analytics by Google, please see here. If you wish to disable this cookie, please disable it in accordance with Google Analytics opt-out browser add-on (https://support.google.com/analytics/answer/181881?hl=ja).

12.Changes to this Privacy Policy

The Company may change or revise this Privacy Policy at any time in order to more effectively protect Customers’ personal data or in accordance with applicable laws and regulations. All such changes and revisions will be notified on this page.

13.Contact Details

Please contact us as set out below if you have any inquiries or questions, or wish to make a complaint or exercise your rights concerning this Privacy Policy or our processing of personal data.

KUMIAI CHEMICAL INDUSTRY CO., LTD.

Contact: General Manager of General Affairs Department (Data Control Officer)
KUMIAI CHEMICAL INDUSTRY CO., LTD.
1-4-26, Ikenohata, Taito-ku, Tokyo 110-8782, Japan
E-mail:soumu@kumiai-chem.co.jp

Revised on November 1, 2022