Personal Information Protection Policy

Personal Information
Protection Policy

HARADA CORPORATION
Satoru Harada, President and CEO

HARADA CORPORATION (hereinafter referred to as “Company”) recognizes that it is important and our social responsibility to appropriately protect the personal information of our customers and everyone involved in the Company. The Company will comply with the Act on the Protection of Personal Information and other related laws and regulations as well as Guidelines on the Act on the Protection of Personal Information and other related guidelines in order to thoroughly protect, manage, handle, and use personal information.

This personal information protection policy will apply to all services provided by the Company (hereinafter referred to as “Service(s)”) along with the privacy policy and terms of use established for each Service and other related rules.

The websites operated by the Company may include links to other websites; however, the Company will not be held responsible for the protection of personal information at linked websites other than the Company’s websites.

○Basic Policy

1.Compliance with the Laws, Regulations, and Standards

The Company will always remain up-to-date and comply with the Act on the Protection of Personal Information and related laws and regulations, guidelines stipulated by the national government, and other standards. In addition, the Company will establish rules and a framework for the establishment of a system for protecting personal information, definitely implement and maintain the personal information protection and management system, and continuously make improvements to the system. The Company may revise the personal information protection policy with the aim of better protecting customers’ personal information and responding to changes to the laws and regulations.

2.Establishment of a System for Managing Personal Information

The Company will establish a system for appropriately managing personal information, and at the same time, thoroughly inform the Company’s regulations to all officers and employees and strive to ensure their compliance.

3.Acquisition, Purpose of Use and Scope

The Company will handle personal information within the scope of the purpose of use clearly indicated to customers and will not use the information for any purpose other than the intended purpose of use.

4.Thorough and Appropriate Information Management

The Company will maintain the personal information accurate and up to date and strive to prevent unauthorized access to the personal information, as well as the leak, loss, or damage of personal information, and continuously improve and correct information security.

5.Name and address of the Company and the name of the representative

HARADA CORPORATION
10-14, Minami-semba 2-chome, Chuo-ku, Osaka
542-0081
Satoru Harada, President and CEO

6.Response to Inquiries Concerning Personal Information

The Company will promptly and in good faith respond to inquiries from the customers concerning personal information. When a customer requests the disclosure, correction, or deletion of the customer’s own personal information, the Company will handle such request in accordance with the laws, regulations, and Company’s rules only when it is confirmed through the procedure separately specified by the Company that the requestor is the subject person of the relevant personal information.

Handling of Personal Information
- 1.Purpose of Use of Personal Information
  The Company will use the provided personal information within the scope of the following purpose of use.
  In addition, if there is a privacy policy, terms of use, or other related regulations for each Service, we will also use the information within the scope of the purposes of use described there, so please check them as well.
  
  (1) Respond to the inquiries from the customer
  (2) Send the products ordered and purchased
  (3) Manage and execute contracts
  (4) Provide product support and maintenance Service
  (5) Conduct market surveys and develop new products and Services
  (6) Send campaign information in the form of an announcement or email
  (7) Improve and enhance customer experience of the digital Services (websites, mobile apps, etc.) provided by the Company (Information obtained by the Company, such as browsing history, may be analyzed by the Company or converted into numerical values based on the level of interest and, in accordance with the results thereof, used for individual advertisement, publication, or sales promotion activities in relation to the Company’s products and Services.)
  (8) Distribute targeting advertisements using Google, Yahoo, or other advertisement distributor
  (9) Analyze attribute information and behavior history acquired by the Company for the purpose of grasping customer preferences and interests
  (10) Provide and communicate recruitment information to job applicants (including interns) and recruitment management by the Company
  (11) (1) Purposes ancillary or related to the above
  
  When the Company combines and uses customers’ personal information already possessed by the Company with information obtained from a third party about the customers’ preferences and interests, browsing history, and other information, the Company will obtain consent from the customer in advance and use the information for the purpose of use stated above and within the scope of the purpose of use stated in the privacy policy established for each Service.
  In addition, when the Company acquires and uses personal information other than the above, the Company will, as necessary on a case-by-case basis, obtain consent for the acquisition of personal information in advance.
- 2.Provision of Personal Information to Third Parties
  The Company will appropriately manage the personal information provided by customers and will not disclose personal information to third parties, excluding the following cases:
  
  (1) When consent is obtained from the customer in advance
  (2) When disclosing the information to the contractor contracted by the Company to provide work operations for the Service requested by the customer
  (3) When disclosure is required by law
  (4) When it is necessary for the protection of human life, physical well-being, or property, and it is difficult to obtain consent from the subject person
  (5) When it is particularly required for the improvement of public health or promotion of the sound fostering of children, and it is difficult to obtain consent from the subject person
  (6) When it is necessary to cooperate with a national agency, local government or a person contracted by such for the execution of work duties set forth by law and obtaining consent from the subject person may hinder the execution of the work duties
Cookies
- 1.Google Analytics
  The website uses Google Analytics provided by Google, Inc., for measuring the website to improve service. Analysis may be done using the cookie text file generated in relation to this, and in this case, part of the customer information, such as the IP address, may be collected by Google, Inc. This information will be used only for analyzing the status of use of the website, creating reports to the website operator, and for the purpose of providing services. The user will, by using the website, be deemed to have approved this data handling conducted by Google using the method and purpose above.
  * Cookies may be rejected based on the customer’s browser settings. The method for changing the settings will differ depending on the browser.
  * For the terms of use of Google Analytics, see the website of Google Analytics. For the privacy policy of Google, see the Google website.
  <Terms of use of Google Analytics>
  <Google privacy policy>
  <Google Analytics opt out add-on>
- 2.Other cookies
  For the cookies used by the Company other than those stated in the preceding paragraph, see the “Cookie Policy” for each website you visit.
Anonymously Processed Information
- The Company will create anonymously processed information from customers’ personal information and provide such information to third parties within the scope permitted by law after implementing the appropriate protection measures to make it impossible to identify the specific individual and to restore the personal information used for the creation thereof.
  See here for details about anonymously processed information.
Joint Use
- 1.Jointly Used Personal Information
  The Company may jointly use the personal information items acquired for the above purpose of use of personal information as necessary with affiliate companies.
- 2.Scope of Joint Use
  HaradaSansei Medical Supply Corporation
  Mondomix Japan Inc.
  LAC Healthcare Ltd.
  Harada (SHANGHAI) Corporation
  HARADA CORPORATION (THAILAND) Co., LTD.
  HARADA GARMENT VIETNAM CO.,LTD.
- 3.Purpose of Joint Use
  nformation will be used for the purposes stated in the purpose of use of personal information above.
- 4.Acquisition Method
  Information will be acquired by telephone, fax, email, Internet and other means and methods.
- 5.Controller Responsible for the Management of Personal Data
  The Company will be the person responsible for the management of jointly used personal data. See 6 in the Basic Policy for the Company’s address and representative.
Matters Concerning
Security Management Measures
- The Company will implement the necessary and appropriate security management measures for preventing the leak, loss, or damage of personal data and the management thereof. Also, the Company will provide the necessary and appropriate supervision over the employees and contractors (including subcontractors) that handle personal data. The main points will be as follows:
- 1.Formulate a Personal Information Protection Policy
  The Company has formulated this policy to ensure the appropriate handling of personal data.
- 2.Establish Rules Concerning the Handling of Personal Data
  For each phase of acquisition, use, storage, provision, deletion, and disposal, the Company has formulated the Rules on the Handling of Personal Information and Rules on the Handling of Specific Personal Information for the handling method, responsible person, person in charge, and their duties.
- 3.Organizational Security Management Measures
  ・The Company has appointed a chief personal information officer for the handling of personal data and, at the same time, clarified the employees who handle personal data and the scope of personal data handled by such employees and established a system for reporting and informing the chief personal information officer in case a violation or possible violation of the Personal Information Protection Act or Rules on the Handling of Personal information is found.
  ・The Company conducts self-inspections on the status of personal data handling and, based on the results thereof, works to assess, review, and improve each security management measure.
- 4.Human Security Management Measures
  The Company regularly conducts training for employees on the points to note regarding the handling of personal data.
- 5.Physical Security Management Measures
  ・The Company implements measures to prevent personal data browsing by unauthorized persons in the areas where personal data is handled.
  ・The Company implements measures to prevent the theft and loss of devices used to handle personal data, as well as electronic media and documents containing personal data and, at the same time, implements measures to prevent personal data from being easily revealed when such device, electronic media, or other device is carried around, including within the Company’s business office.
- 6.Technical Security Management Measures
  ・The Company implements access control to limit the persons in charge and scope of the personal information database.
  ・The Company has implemented a framework to protect the information system used to handle personal data from unauthorized access or unauthorized software by external parties.
Inquiries and Disclosure Requests Concerning Personal Information
- Contact the following for inquiries concerning the handling of personal information by the Company and to request disclosure, change or deletion of personal information.
  
  Email: privacy@haradacorp.co.jp
  Mailing address: Personal Information Manager, General Affairs Dept., HARADA CORPORATION
  10-14, Minami-semba 2-chome, Chuo-ku, Osaka
  * The Company will separately send a request form and instructions to customers who wish to request disclosure.
Handling of Personal Data
in the EU and the U.K.
- The Company will, in relation to the handling of personal data about persons residing in the EU or the UK, comply with the EU General Data Protection Regulation (GDPR), laws of the UK and other related laws and regulations, and appropriately respond in accordance with this Personal Information Protection Policy.
- 1.Types of Personal Information to be Acquired
  The Company will appropriately handle the personal information acquired from customers within the scope set forth in the Personal Information Protection Policy above in accordance with GDPR, laws of the UK, and other related laws and regulations. Personal information includes the following.
  (1) Information acquired directly from the customers
  i.Name
  ii.Contact information (company name, address, telephone number, e-mail address, etc.)
  (2) Information automatically acquired by the Company
  i.Identifier
  ii.Device information
  iii.Network information
  (3) Information granted by the Company to the customers
  i.Assumed information such as area and language information based on the IP address
  (4) Information acquired by the Company from third parties
  i.Information acquired from public websites on the Internet
  ii.Information acquired from partner companies
  It is possible to refuse when the provision of personal data is requested. Also, it is possible to prevent certain types of automatic data collection through the Web browser or operating system settings. However, when it is chosen not to provide or permit provision of information that is necessary for certain Services and functions, such Services and functions may not be available for use or fully function.
- 2.Data Protection Representative
  The Company have appointed DataRep as our Data Protection Representative in the EU and UK. Customers residing in the EU or UK may contact DataRep as indicated below regarding the handling of their personal information.
  
  ▶︎ Email：datarequest@datarep.com
  *Include ＜HARADA CORPORATION＞ in the subject of the email.
  ▶︎ Webpage：https://www.datarep.com/data-request
  ▶︎ Mail：(EU)DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany
  (UK)DataRep, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom
  *It is ESSENTIAL that you have your letters addressed to "DataRep".
  
  DataRep's privacy notice is here.
- 3.Purpose of Use of Personal Data
  For the handling of personal data of persons residing in the EU or UK, the use of the information will be limited to the following:
  
  (1) Respond to inquiries from the customer
  Legal basis of the handling: Execution of the contract
  (2) Send the products ordered and purchased
  Legal basis of the handling: Execution of the contract
  (3) Manage and execute contracts
  Legal basis of the handling: Execution of the contract
  (4) Provide product support and maintenance Service
  Legal basis of the handling: Execution of the contract
  (5) Conduct market surveys and develop new products and Services
  Legal basis of the handling: Legitimate interests
  (6) Send campaign information in the form of announcement or email
  Legal basis of the handling: Legitimate interests
  (7) Improve and enhance customer experience of the digital Services (websites, mobile apps, etc.) provided by the Company
  Legal basis of the handling: Legitimate interests
  (8) Distribute targeting advertisement using Google, Yahoo, or other advertisement distributor
  Legal basis of the handling: Legitimate interests
  (9) Analyze attribute information and behavior history acquired by the Company for the purpose of grasping customers’ preferences and interests
  Legal basis of the handling: Legitimate interests
  (10)Provide and communicate recruitment information to job applicants (including interns) and recruitment management by the Company
  Legal basis of the handling: Execution of the contract
  (11)Purposes ancillary or related to the above
  Legal basis of the handling: Legitimate interests
- 4.Recipient of Personal Data
  The Company may disclose the personal data under the applicable laws and within the scope permitted by law. The types of supposed recipients are as follows:
  
  (1) System development and operation partners
  (2) Alliance partner companies
  (3) Service contractors
  For details of the above, please see the List of Subprocessors
- 5.Cross-Border Transfer
  The personal data collected by the Company may be stored and processed in the customer’s country and region or other countries where the Company or its affiliate company, subsidiary, or service provider processes data. Currently, the Company uses data centers in Japan, and affiliate companies in each country may process personal data. (See here for affiliate companies in each country) Japan has received the sufficiency certificate by the European Commission. See the following website for details.
  Also, SCC under Article 46 paragraph 2 of the GDPR have been concluded with the affiliate companies in each country. For more details and copies of the documents used for transfers outside the region, please contact the abovementioned agent.
- 6.Retention Period
  The Company will retain the customer’s personal data for up to six months from the time when the customer deleted the account. However, if it is required to retain the information for a longer period under the applicable law, the Company will retain the information for the period set forth by that law.
- 7.Execution of Rights
  The customer has the following rights. To exercise these rights, please contact the point of contact of the above-named
  (1) Right to access
  (2) Right to correct
  (3) Right to suspend use
  (4) Right to data portability
- 8.Right to Raise an Objection about the Processing
  The customer has the right to raise an objection at any time about the processing of personal data based on the Company’s legitimate interests. When the Company processes the customer’s personal data for the purpose of direct marketing, the customer has the right to opt-out. To exercise these rights, please contact the point of contact stated in paragraph 2 above.
- 9.Withdrawal of Consent
  When the Company processes the customer’s data based on consent by the customer, the customer has the right to withdraw the consent at any time. To exercise these rights, please contact the point of contact stated in paragraph 2 above.
- 10.Right to Raise an Objection to the Regulatory Agency
  The customer has the right to raise an objection to the regulatory against.

Revised on：April 1, 2024