This Privacy Policy (hereinafter referred to as the “Privacy Policy”) explains the methods for processing the personal information of customers located in mainland China (hereinafter referred to as “customers”) regarding the products and services provided by ORGAN NEEDLE CO., LTD. (hereinafter referred to as the “Company”). Consent to this Privacy Policy by customers will be required for those customers to use products and services provided by the Company.
For details on personal information management of customers located in regions outside of mainland China, please refer to the “Privacy Policy”.
About the handling of personal information
The Company understands the importance of personal information and handles and protects the customer's personal information adequately as the basis of its business activities and as its social responsibility. Therefore, we will implement the following initiatives based on the Organ CSR “Compliance Policy” and “Information Management Policy”.
Personal information collected by the Company
The Company may collect personal information in the form of the customer's name, work affiliation, job title, address, phone number, email address, gender, date of birth, recruitment-related information, IP address, cookie information (including other similar technologies), website access history, and others.
Purpose of use of personal information
The Company shall use personal information received from customers for the following purposes.
- ●To fulfill agreements made with customers, such as to ship products that have been ordered, or to provide related services.
- ●To provide information on the Company’s products and services.
- ●To send emails or materials in response to inquiries made to the Company.
- ●To improve the Company's products and services for easier use by customers.
- ●To fulfill any other purposes of use indicated when customer personal information is acquired.
- ●To conduct and execute activities related to the above items.
Personal information that has been provided shall only be used to the extent necessary to fulfill the purposes of use, and shall not be used without customer consent. If it will be used for purposes other than those described above, those purposes shall be clearly indicated separately and individually, and consent from customers shall be obtained.
Processing of personal information
The Company shall process customer personal information based on the following premises, only when permitted by law. Processing of personal information includes its collection, storage, use, processing, transmission, provision, disclosure, and deletion.
- ●Consent: If the customer has provided consent to the processing of customer personal information by the Company (However, if a customer takes any active steps toward the Company, such as exchanging business cards with or sending emails that contain personal information to the Company, such acts will be treated as providing consent to the processing of such personal information).
- ●Conclusion or fulfillment of agreements: If it is necessary for the Company to process customer personal information in order to fulfill agreements concluded with customers.
- ●Legal obligation: If it is necessary for the Company to comply with legal obligations.
- ●Public interest: If the Company will perform acts necessary for public interest, and the processing of personal information is within a reasonable scope.
- ●Publicly disclosed personal information: If personal information processed by the Company within a reasonable extent in accordance with legal provisions is personal information which individuals have disclosed themselves or which has otherwise already been legally disclosed, and the processing of such personal information has not been expressly refused by the customer and will not significantly affect the customer’s personal interests.
- ●In other cases specified by laws or administrative regulations.
Protection of personal information
The Company implements the protection of personal information by formulating the "Personal Information Protection Regulations", establishing a system for the security of personal information, and educating all employees thoroughly for awareness of the importance of personal information protection.
Safety management measures
The Company implements the following measures to prevent leakage, loss, or damage of personal information, and also for the proper management of personal information.
-
a) Privacy Policy Development
- ・This Privacy Policy has been specified to ensure the proper handling of personal information, and to provide information on points of contact for receiving questions and complaints.
-
b) Development of rules related to handling of personal information
- ・Handling procedures, as well as responsible personnel, persons in charge, and their duties, are clarified at the individual stages of acquisition, use, storage, provision, deletion, disposal, etc. of personal information.
-
c) Organizational safety management measures
- ・Persons responsible for handling personal information are appointed.
- ・Employees who will handle personal information, and the scope of personal information to be handled by those employees, are clarified.
- ・Systems are established for reporting to and contacting responsible personnel in the event that any signs or actual circumstances of the violation of laws or internal regulations are identified.
-
d) Human safety management measures
- ・Regular education and training for employees are implemented on matters that require attention regarding the handling of personal information.
- ・Matters related to the preservation of confidentiality of personal information are indicated in the rules of employment and other internal regulations.
-
e) Physical safety management measures
- ・In areas where personal information is handled, measures are implemented to control the entry and exit of employees and to restrict devices and other items brought into those areas, and to prevent unauthorized persons from viewing personal information.
- ・Measures are implemented to prevent the theft or loss of devices, electronic media, documents, and other items used to handle personal information.
- ・Measures are implemented to prevent personal information from being easily identified when devices, electronic media, and other items used to handle personal information are carried, including during movement within offices.
-
f) Technical safety management measures
- ・Access control is implemented to set restrictions on the scope of persons in charge and the personal information that is handled.
- ・Systems are introduced to protect information systems that handle personal information from unauthorized external access or unauthorized software.
Disclosure and provision of personal information to third parties
The Company shall properly manage personal information which has been received and shall not disclose such personal information to third parties except in any of the following cases.
- ●If customer personal information related to the implementation of services will be provided to third parties for a specific purpose that is lawful, legitimate, necessary, and clearly indicated, only for the fulfillment of purposes announced in this Privacy Policy.
If customer personal information will be provided to a third party under such circumstances, notification shall be provided to customers in advance indicating the name of the third party to whom such information will be provided, the contact information of the third party, the purpose and method of processing the personal information, and the type of personal information, and individual consent from customers shall be obtained. The Company shall require any third party to whom personal information will be provided as described above to process such personal information in accordance with the Company's instructions, this Privacy Policy, and all other relevant confidentiality and security measures.
The Company may provide customer personal information to the following third parties.
- ・Companies to whom the Company has commissioned operations in order to implement services requested by customers
- ・Organ Group companies
In addition, customer personal information may be provided to third parties without prior consent in the following cases, in accordance with the provisions of laws and regulations.
- ●According to the provisions of laws and regulations, or to follow enforcement measures by responsible government departments.
- ●In cases where it is necessary to protect the life, body, or property of an individual, and it is difficult to obtain the consent of the applicable person.
International transfer of personal information
Customer personal information possessed by the Company may be subject to cross-border transmission to the Company’s servers in locations outside of China, or stored in such servers. It may also be subject to cross-border transmission to third parties in locations outside of China, or stored by such third parties. In such cases, the Company shall request independent consent to the cross-border transmission of such customer personal information, based on laws or administrative regulations. If a customer takes any active steps such as carrying out international telephone calls, transmission and reception of emails, or any form of communication which is internationally instant and simultaneous such as SNS, the Company shall treat such acts as obtaining independent consent from the customer.
If the Company engages in cross-border transmission of customer personal information to locations outside of China, it shall be ensured that all recipients of such customer personal information outside of China comply with the conditions for protection of privacy specified in this Privacy Policy, and that such customer personal information shall be protected to a sufficient level equivalent to that within China.
If the Company engages in cross-border transmission of customer personal information to recipients outside of China, notification shall be provided to customers indicating the name of the overseas recipient to whom such information will be provided, the contact information of the recipient, the purpose and method of processing the personal information, the type of personal information, and the individual rights which can be exercised toward the overseas recipient to whom the information will be provided, and individual consent from customers shall be obtained.
If customer personal information is subject to cross-border transmission to regions outside of China, customers may obtain further details regarding the protection of personal information through the contact methods specified in this Privacy Policy.
Retention and deletion of personal information
The Company shall retain collected customer personal information for the duration of products and services specified in the above purposes of use.
The retention period for personal information acquired by the Company may vary depending on differences in the type of personal information. Unless otherwise specified in laws or administrative regulations, it shall in any case be limited to the shortest period necessary to fulfill the purposes for processing various types of personal information.
Potential threats to personal information
Although the reasonable and effective measures described above have already been adopted and the standards required under the provisions of relevant laws have already been complied with, customer personal information security may face the risk of being exposed to threats resulting from technical limitations and various malicious methods that could potentially be used, and may be subject to loss, theft, tampering, or being viewed or used by unauthorized third parties.
Responses in the event of an incident
In the unlikely event that a personal information security incident occurs, the Company shall notify customers without delay in accordance with laws, administrative regulations, and other requirements. Customers shall be informed of the basic status of the security incident, potential impacts, response measures that have already been implemented by the Company or will be implemented in the future, preventive suggestions that can be voluntarily applied to reduce risks, and remedial actions for customers. Customers shall also be informed without delay of any situations related to the incident. If it is difficult to provide notifications on an individual basis, the Company shall release announcements using reasonable and effective methods. In addition, the Company shall report the status of response to the personal information incident to the authorities, according to the requirements of the authorities.
Customer rights
Based on relevant laws, regulations, and standards, the Company guarantees that the rights indicated in the following items are owned by customers regarding customer personal information processed by the Company.
- The right to acquire information about the processing of customer personal information, and the right to access customer personal information processed by the Company.
- The right to investigate, view, and replicate customer personal information processed by the Company.
- The right for the customer to request corrections or additions of customer personal information, if customer personal information processed by the Company is incorrect or incomplete.
- The right to restrict or refuse the processing of customer personal information by the Company.
- The right for the customer to freely withdraw consent to the processing of customer personal information. (However, if it is possible for the Company to process personal information under other legal grounds, the Company may continue to process such customer personal information.)
- The right to request the transfer of customer personal information to a personal information processing party designated by the customer (note that the appropriate legal requirements must be fulfilled).
-
The right to request the deletion of customer personal information under any of the following circumstances (If the retention period specified by laws or administrative regulations has not expired, or the deletion of customer personal information is technically difficult to accomplish, the Company shall discontinue processing procedures other than retention and application of necessary security protective measures.)
- ●If fulfillment of the purposes of personal information processing has been completed or has become impossible, or if the applicable information has become unnecessary to fulfill those purposes.
- ●If the customer discontinues the use of the Company’s products or services.
- ●If the Company discontinues operation of services, or if the personal information retention period has expired.
- ●If the customer withdraws consent to the processing of customer personal information.
- ●If the Company has not obtained consent from the customer even though it is collecting or using customer personal information.
- ●If the Company has processed customer personal information in violation of laws or administrative regulations, or in violation of arrangements made with customers.
- ●If there are any other circumstances specified by laws or administrative regulations.
- The right to request interpretation and explanation of the rules for processing customer personal information.
Customers may exercise these customer rights by contacting the Company using the contact method described below.
Compliance with and review of laws and regulations
The Company shall comply with the laws and regulations of individual countries regarding personal information and privacy, as well as relevant governmental and ministerial ordinances, guidelines, etc., and shall strive to review and improve the contents of this Privacy Policy as appropriate.
Change of privacy policy
The Company may change the privacy policy in whole or in part. If there are any significant changes, the Company will inform such changes on its website in an easy-to-understand manner.
Inquiries
For inquiries regarding the handling of personal information by our Company, please contact the Company using the information below.
Inquiry and Consultation Desk
1 Maeyama, Ueda-shi, Nagano-ken 386-1436, Japan
Corporate Planning Dept., Corporate Planning Office
Phone number: +81-268-38-3111
FAX: +81-268-38-8532
Alternatively, contact us using the Inquiry Form on the Company website.