Giken Ltd. and its subsidiaries (hereinafter referred to as “Giken Group”) recognise the social responsibility to protect the rights of individuals and to comply with laws and regulations concerning personal information handled by Giken Group. To that end, Giken Group established and abides by the Giken Group Personal Information Protection Policy.
Giken Group shall make sure that every employee is familiarized with it, as follows:
1. Based on the consent of the individual providing the personal information, Giken Group acquires, uses and provides personal information only to the extent necessary and as permitted by law, for conducting legitimate business in order to achieve the purposes listed below.
The consent provided above may be withdrawn at any time by the individual.
If Giken Group acquires personal information for purposes of use different from those specified below, Giken Group shall separately notify or announce such purposes, and shall not handle personal information exceeding the extent necessary to achieve these purposes of use as follows:
(1) To execute contracts concluded between an individual or the entity to which the individual belongs and Giken Group;
(2) To provide products, services and related information to individuals or the entities to which the individuals belong;
(3) To improve Giken Group products and services;
(4) To respond to various (potential) customer and/or business partner enquiries;
(5) To analyse data and behaviour as necessary for marketing activities, and information provision and sales activities;
(6) To execute the operation incidental to the above; and
(7) To perform any legally and regulatory obligations.
2. All or part of other personal information shall be made available for joint use within Giken Group and its business partners for sales and services, so that business is smoothly carried out within the scope of the purpose of use set forth in the preceding paragraph.
3. Giken Group shall not provide personal information to any third party other than the joint use mentioned in the preceding paragraph, unless the prior consent of the individual has been obtained. However, the personal information may be provided to a third party without obtaining the prior consent of the individual, as follows:
(1) When required by law;
(2) When necessary for the protection of human life, human body, or personal property, when it is difficult to obtain the consent of the individual who provided the personal information; and
(3) When required by notifications or guidance, etc. of a government of municipal authority.
5. Giken Group shall continuously improve its security system in order to prevent risks of data breach, leakage, loss, unauthorised access, destruction, alteration, unauthorised disclosure, and damage of personal information by taking reasonable security measures. In the event where such risks occur, it shall promptly take corrective measures.
6. Giken Group acknowledges that individuals providing personal information have the right to request the disclosure, correction, suspension of use, deletion, etc. of their own personal information, and if such request is made, shall promptly respond to it to a reasonable extent. Inquiries concerning the handling of personal information shall be respond within a reasonable scope.
7. Giken Group shall comply with all applicable country-specific laws, regulations and guidelines, and other relevant norms concerning the protection of personal information, as well as endeavour to review and improve its efforts as mentioned above from time to time.
■ Personal Information and Process
(1) The personal information that Giken Group processes shall be, but is not necessarily limited to:
・Name, business contact information (address, telephone number, e-mail address, etc.);
・Business information (company name, department name, title, etc.);
・Inquiry details, request details, content of contract; and
・IP address, cookie information; and information related to the Giken Group web access history.
(2) Giken Group “process” of personal information in the preceding paragraph means any work or series of work performed with personal information or a set of personal information, whether or not by automated means, and where “work” means acquiring, recording, editing, structuring, storing, changing, restoring, referencing, using, disclosing through transfer, disseminating, and otherwise preparing said personal information to make it possible to disseminate, arrange, combine, restrict, delete, and/or destroy it.