EBARA Group Privacy Policy

EBARA CORPORATION and its affiliated companies (hereinafter referred to as the “Group”) recognize that it is their social responsibility as a company to appropriately protect the personal information they hold, and in acquiring, using and providing personal information, they will comply with the “Act on the Protection of Personal Information” and other applicable laws and regulations concerning the protection of personal information and privacy protection, as well as generally accepted practices as fair and appropriate and guidelines, etc., for the handling of personal information, and will handle personal information appropriately.

 

In addition, our Group will clarify the rules and regulations concerning the handling of personal information, and will make every effort to ensure that all employees are aware of them so that they handle personal information appropriately.

 

Personal information refers to address, name, telephone number, and other information that can identify the person as a particular individual (including information that falls under “Personal information” as defined in Article 4 of the EU General Data Protection Rules (hereinafter referred to as “GDPR”)).

Chapter 1. Handling of Personal Information in Our Group

1. Purpose of Use and Legal Basis

Our Group uses personal information for the following purposes based on the following legal basis.
(1) Business Partner Information
(Name, address, phone number, e-mail address, place of work, address of work, department, position, etc.)
1 Processing is necessary for the performance of a contract to which the data subject is party
  • For execution and performance of agreements, including provision of goods and services and management after execution of agreements
  • For maintenance, management and aftersales service of provided goods and services
  • For communication necessary to provide goods and services and shipment of goods, etc.
  • For provision of information related to goods and services and information related to any other business activities of our Group
  • For invoice and acceptance of charges for goods and services and preservation of claims
  • For responses to enquiries and opinions to our Group
  • For execution and performance of agreements with business partners, management after execution of agreements and any other necessary communication to business partners
  • For implementation of various measures to construct and maintain smooth relationships with business partners and provision of various accommodations
  • For reimbursement of business partners’ expenses
  • For cases where it is necessary to perform the business operations of our Group
2 Processing is necessary for the purposes of the legitimate interests pursued by our Group or by a third party
  • For provision of information and advertisement delivery on goods and services by e-mail through analysis of browsing history and trading history, etc.
  • For provision of information and advertisement delivery on goods and services by e-mail through analysis of opening history of e-mails and website browsing history, etc., of business partners in Japan
  • For market research and other research and studies through analysis of trading history, etc.
  • For promotion of prizes and campaigns, etc.
  • For provision of information on meetings, etc., of organizations which our Group hosts or belongs to and any other necessary communication
  • For activities related to CSR (corporate social responsibility)
  • For management of the utilization status of the facilities and equipment
  • For audits (including internal control audits)
  • For other purposes as described in “5. Sharing of Personal Information”
3 Based on the consent of the data subject
  • For improvement of goods and services through analysis of browsing history of our Group website
(2) Shareholder information
(Name, address, number of shares held, acquisition date, etc.)
1 Processing is necessary for compliance with a legal obligation to which our Group is subject;
  • For exercising of rights and performing obligations under the Companies Act
  • For management of shareholders, including preparation of data of shareholders in accordance with the standards specified under various laws
2 Processing is necessary for the purposes of the legitimate interests pursued by our Group or by a third party
  • To provide facilities to those who hold the status of a shareholder
  • To implement various measures in order to promote a smooth relationship with our shareholders
(3) Recruitment information
(Name, address, gender, date of birth, etc.)
1 Processing is necessary for the purposes of the legitimate interests pursued by our Group or by a third party
  • For internship and recruitment selection services (including use in questionnaires for reference in future recruitment activities)
  • For provision of corporate information and necessary contact with applicants and candidates for employment with our Group
  • For processing information on applicants who have been hired as a result of the recruitment screening as personnel information for us after joining our Group
  • For using as basic data for the determination of hiring/rejection
  • For sending information on our Group’s events, etc. to prospective employees
  • For reference in making hiring/rejection decisions through AI analysis of interview results
If a supplier does not wish to provide personal information to our group, the supplier may not provide personal information to our group; provided, however, that if personal information is not provided, it may interfere with the provision of our Group’s services or the performance of the contract.

 

2. Storage Period of Personal Information

Our Group stores recruitment information for a maximum of seven years after retirement and that of rejected applicants for a maximum of one year after completion of recruitment activities. Other personal information shall be stored only for the period necessary to achieve the above-listed purposes of acquisition and use. The specific retention period will be determined in consideration of the purpose for which personal information is acquired and used, the nature of personal information, and the legal or operational necessity to maintain personal information.

 

3. Provision to Third Parties

Our Group will not provide personal information to any third party except under any of the following conditions; provided, however, the provision as a result of joint use or consignment does not fall under the category of disclosure or provision to a third party:
(1) With the consent of the data subject;
(2) In accordance with laws and regulations of each country;
(3) When it is necessary for the protection of life, body, or property of a person and it is difficult to obtain the consent
of the data subject;
(4) In cases in which it is particularly necessary for the improvement of public health or the promotion of the sound upbringing
of children and in which it is difficult to obtain the consent of the data subject;
(5) In cases in which cooperation is necessary for the State or local public entities, etc. to conduct public affairs and in which
the consent of the data subject may hinder the execution of such affairs; or
(6) Provision upon succession of business due to merger, company split, transfer of business or for other reasons.

 

4. Handling of Entrustment

Our Group may entrust part of its business activities and provide personal information to subcontractors to the extent necessary to achieve the purpose of use. In this case, our Group shall properly manage and supervise the outsourcees, including the conclusion of contracts for the handling of personal information with these outsourcees.
Types of outsourcees obtaining personal information are, for example, consultants, recruitment agents, cloud service companies, and training companies.

 

5. Sharing of Personal Information

Our group will share personal information as follows:
(1) Sharing by Group Companies
In order to comprehensively provide goods and services relating to the business handled by our Group (hereinafter simply referred to as “goods and services”) throughout our Group, we will share personal information obtained by our Group as follows only when necessary for business and permitted by law within our Group.
1 Scope of Sharers
Our Group (including overseas group companies)
Please refer to this link for group companies in Japan and to this link for overseas group companies.
2 Purpose of Use by Sharers
  • For comprehensive provision of goods and services throughout our Group
  • For execution and performance of agreements, including provision of goods and services and management after execution of agreements
  • For execution and performance of agreements with business partners, management after execution of agreements and any other necessary communication to business partners
  • For implementation of various measures to construct and maintain smooth relationships with business partners and provision of various accommodations
  • For reimbursement of business partners’ expenses
  • For audits (including internal control audits)
  • For our Group as a whole to implement activities related to CSR (corporate social responsibility)
  • For provision of information related to goods and services and information related to any other business activities of our Group
  • For provision of information and advertisement delivery on goods and services by e-mail through analysis of browsing history and trading history, etc.
  • For provision of information and advertisement delivery on goods and services by e-mail through analysis of opening history of e-mails and website browsing history, etc., of business partners in Japan
  • For processing information on applicants who have been hired as a result of the recruitment screening as personnel information for us after joining our Group
  • For provision of corporate information and necessary contact with applicants and candidates for employment with our Group
  • For responses to enquiries and opinions to our Group
  • For improvement of goods and services through analysis of browsing history of our Group website
  • For cases where it is necessary to perform the business operations of our Group
3 Items of Personal Information to be Shared
  • Name
  • Contact information (address, phone/fax number, e-mail address, etc.)
  • Work address information (company name, representative name, department name, position, address, phone/fax number, e-mail address, etc.)
  • School information (school name, address, phone and fax number, e-mail address, etc.)
  • Contents of inquiries, requests, goods and services and other purchasing histories, information on contract details, information on goods uses, etc.
  • Private business partner’s expense payment account (bank, account, name holder)
4 Person Responsible for the Management of Personal Information
EBARA CORPORATION
Address: 11-1 Haneda-Asahi-cho, Ota-ku, Tokyo
Representative: Masao Asami, President and CEO
(2) Sharing of Contact Information such as Business Cards by Group Companies
Our Group will share the following personal information, such as business cards exchanged between our business partners and our Group employees and contact information in e-mail signature block obtained by our Group employees, with our domestic and overseas group companies.
1 Scope of SharersOur Group (including overseas group companies)
Please refer to this link for group companies in Japan and to this link for overseas group companies.
2 Purpose of Use by Sharers
  • For execution and performance of agreements, including provision of goods and services and management after execution of agreements
  • For execution and performance of agreements with business partners, management after execution of agreements and any other necessary communication to business partners
  • For implementation of various measures to construct and maintain smooth relationships with business partners and provision of various accommodations
  • For provision of information related to goods and services and information related to any other business activities of our Group
  • For provision of information and advertisement delivery on goods and services by e-mail through analysis of opening history of e-mails and website browsing history, etc. of business partners in Japan
  • For responses to enquiries and opinions to our Group
  • For cases where it is necessary to perform the business operations of our Group
3 Items of Personal Information to be Shares
  • Name
  • Phone Number
  • Address
  • E-mail address
  • Workplace information (company name, department/section, position, address, phone number, fax number)
  • Contents of business transactions (information contained in transactions with business partners, inquiries, requests, and opinions)
  • Information on how our business partners, including cookies and action logs on our website, used our Group website
4 Person Responsible for the Management of Personal Information
EBARA CORPORATION
Address: 11-1 Haneda-Asahi-cho, Ota-ku, Tokyo
Representative: Masao Asami, President and CEO
(3) Share by our Group partner companies
In order to provide goods and services promptly, we will share personal information obtained by our Group with our Group and our partner companies to which our Group outsources sales, maintenance, aftersales services, and other services related to the provision of goods and services, only as required by business and permitted by law.
1 Scope of Sharers
Our Group and cooperating companies to whom we entrust business related to the provision of goods and services
2 Purpose of Use by Sharers
  • For the prompt provision of goods and services
  • For concluding and fulfilling contracts for goods and services, management after-contract, and otherwise communicating as required
  • For provision of information on goods and services and other information related to business activities handled by our Group
  • For response to inquiries regarding goods and services
  • In the event it is required for the performance of business handled by our Group
3 Items of Personal Information to be Shared
  • Name
  • Contact information (address, phone/fax number, e-mail address, etc.)
  • Workplace information (company name, department name, title, address, phone/fax number, e-mail address, etc.)
  • Contents of inquiries, requests, goods and services and other purchasing histories, information on contract details, information on goods uses, etc.
4 Person Responsible for the Management of Personal Information
EBARA CORPORATION
Address: 11-1 Haneda-Asahi-cho, Ota-ku, Tokyo
Representative: Masao Asami, President and CEO

 

6. Transfer Outside of Japan

Our Group may provide personal information to Group companies overseas. In this case, our Group company will take the necessary measures for the transfer outside the country in accordance with the laws and regulations of each country.Some of the overseas Group companies that receive personal information are located in third countries that are not sufficiently certified by the Japan Personal Information Protection Commission or the European Commission, but our Group has concluded data transfer agreements with group companies that share such information in order to protect Personal information at an adequate level.In this case, our Group will take the appropriate safeguards necessary for international data transfer such as the EU standard contractual clauses.
Please refer to this link for the EU standard contractual clauses.

 

7. Matters Concerning Safety Management Measures

Our Group has taken measures to prevent leakage, loss, or destruction of personal information and other appropriate management measures as follows:
(1) Formulation of the Privacy Policy
  • This Privacy Policy has been established to ensure proper handling of personal information and to notify the contact point for questions and complaint handling.
(2) Development of Disciplines Regarding the Handling of Personal Data
  • Formulate personal information protection rules for handling methods, managers/staff in charge, and their duties at each stage of acquisition, use, storage, provision, deletion, disposal, etc.
(3) Systematic Security Control Measures
  • Appointed a person responsible for the handling of personal data (Personal Information Protection Supervisor).
  • Clarify the extent of personal data to be handled by the employee handling personal data and the employee.
  • Establishment of a system to notify the Personal Information Protection Supervisor of any fact or sign of violation of laws or internal regulations
  • Conduct periodic self-inspections of the status of the handling of personal information, and conduct audits by other departments and outside parties as necessary.
(4) Human security control measures
  • Conduct periodical training for the employees regarding issues to be noted concerning processing of personal information
  • Describe provision about obligation of confidentiality regarding personal information on internal rules
(5) Physical security control measures
  • In areas where personal information is handled, measures are implemented to control the entry and exit of employees and to restrict equipments etc., brought in, and to prevent unauthorized persons from accessing personal information.
  • Take measures to prevent theft or loss of equipment, electronic media, documents, etc., handling personal information.
  • Take measures to prevent personal information from being easily identified when carrying equipments, electronic media, etc., that handle personal information, including moving within the business office.
(6) Technical security control measure
  • Implement access control to limit the extent of personnel in charge and personal information handled
  • Introduced a mechanism to protect information systems that handle personal information from unauthorized access from outside or from unauthorized software.
(7) Grasping the external environment
  • Our Group implements safety management measures after understanding the system for protecting personal information in foreign countries where cloud servers that store a portion of personal information are located.The major systems for protecting personal information in foreign countries can be found on the website of the Personal Information Protection Committee below.

 

8. For Automated Decision Making

Our Group will not use personal information provided to make automated decisions, including profiling.

 

9. Handling of Personal Information for Persons under the Age of 16

Personal information for those under the age of 16 must be provided with the consent of their guardians.

 

10. Request for Disclosure

You may have the following rights under applicable laws and regulations with respect to your personal information in the possession of our Group:
(1) Request for withdrawal of consent;
(2) Request for disclosure, correction, addition, or deletion of personal information;
(3) Request for suspension of use or deletion of personal information or suspension of provision to a third party;
(4) Request for data portability.
If you would like to make the above-listed request for our holding personal information, please contact us at the contact address listed in 11 below. Our Group will comply with the applicable laws and regulations to the extent reasonable after confirming the identity of the requesting party.

 

11. Request for inquiry and complaint

For inquiries or complaints about the handling of personal information of our Group, please contact us here.

 

12. Appeals to Supervisors

You have the right to object to the data protection authority having jurisdiction over your place of residence with respect to the processing of the relevant personal information in accordance with applicable laws and regulations. Data protection agencies in EU countries can be found at the following URL:

 

13. Contacts for Personal Information Manager and Data Protection Officer

EBARA CORPORATION
Address: 11-1 Haneda-Asahi-cho, Ota-ku, Tokyo
Representative: Masao Asami, President and CEO
DPO/ Personal Information Protection Supervisor: Toru Nakayama, Executive Officer of Ebara Corporation,
Contact: Contact us here.

 

Our Group may revise this Personal Information Protection Policies in whole or in part if deemed necessary by our Group due to revision of laws and regulations, etc.
The revised contents will be effective when posted on our group’s website, etc.

 

Date of last update: 1 December 2022