Privacy Policy for Individual Personal Data Subject to GDPR
When the personal data of an individual (hereafter, the “Data Subject”) protected by the "European General Data Protection Regulation (2016/679)” (hereafter, the “GDPR”) is directly or indirectly acquired by Furukawa Electric Co., Ltd. (hereafter, the “Company”), the data controller shall process the relevant data appropriately in accordance with the GDPR (and any other applicable regulations regarding data protection provided for by EU member states).
1. Business operator name and contact information
Furukawa Sangyo Kaisha, Ltd.
For contact information, please refer to “9. Contact for Inquiries or Complaints” in the Privacy Policy.
2. Purposes of use for personal data
The Company shall process the personal data of the Data Subject protected by the GDPR based on the legal basis stipulated in GDPR Articles 6 and 7. In addition, special categories of personal data, etc., that require care when handling as stipulated in GDPR Articles 9 and 10 shall also be handled appropriately in accordance with the GDPR.
The Company uses personal data provided to the Company for the following purposes.
Categories of personal data
- Personal information provided by those who cooperated in questionnaires and other surveys conducted during exhibitions and events, etc.
- Personal information provided by those who visited the Company for factory tours and business negotiations, etc.
- Personal information provided by suppliers
- Personal information provided during inquiries made via the Company’s website
- Personal information provided by those applying to employment offerings and those introduced by employment agencies, etc.
- Information regarding the Company’s employees
- Information acquired through IT service vendors and subcontractors
- Any other personal information provided through business activities
Purposes of use
- Planning and development of products, or investigations into measures to improve customer satisfaction
- Accommodating visitors to the Company
- Making inquiries to suppliers in regard to products, etc. and executing transactions
- Responding to the details of inquiries and sending responses
- Considering hiring and making clerical contacts to prospective employees
- Managing the employment of personnel, administering labor relations, and implementing human resources policies
- Implementing accounting processing related to employees
- Making contacts related to the fulfillment of agreements
In order to undertake any other actions that will help the smooth flow of business and improve the products and services of the Company, the purposes of use listed above shall be revised as necessary in the future.
In order to comply with the legal obligations of the Company, reliably provide appropriate services, and carry out the business activities of the Company, the Company shall preserve the personal data of the Data Subject for the required duration.
3. Sharing personal data
The Company may share personal data with Furukawa Sangyo Kaisha Group companies, Furukawa Electric Group companies and third parties in some cases. When sharing personal data with such entities, the Company shall handle the data appropriately in accordance with GDPR Articles 26, 27, and 28. When sharing personal data with companies located outside the EEA, the Company shall implement safeguards to legally transfer the personal data outside of the region (e.g., concluding a "Standard Contract Clause") in accordance with GDPR Article 46.
4. Records of personal data processing activities
When the Company processes personal data, records related to the processing of the personal data shall be kept in accordance with the obligations stipulated in GDPR Article 30. Based on GDPR Article 31, information required for cooperation with supervisory authorities shall also be recorded.
5. Data security measures
In accordance with GDPR Article 32, the Company has formulated the "Basic Rules for Information Security" and "Information Security Measure Standards" separate from this Policy. In addition, the Company shall implement organizational safety control measures, including the development of an information security system, and shall implement technical safety control measures, including access control, identification and authentication, and prevention of unauthorized access.
6. Notification of data breaches to supervisory authorities
In preparation for the occurrence of data breaches that lead to unintentional or unlawful destruction, loss, alteration, or unpermitted disclosure or access of personal data, the Company shall institute systems and measures to promptly detect and evaluate the details of such data breaches. Based on the results of the evaluation, the Company shall make the necessary notification to the supervisory authorities and contact the affected Data Subjects.
7. Rights of the Data Subject
The Data Subject holds the following rights in regard to personal data that are collected and processed by the Company.
- Information entitlement (right to receive certain information from the controller)
- Right of access (right to access one’s own personal data)
- Right to rectification
- Right to erasure
- Right to restriction (right to restrict processing of personal data by the controller)
- Right to data portability (right to receive one’s own personal data in a structured, commonly used, and machine-readable format)
- Right to object
- Right regarding automated individual decision-making (right not to be subject to a decision based solely on automated processing, including profiling, in regard to decisions about oneself)
At any time, the Data Subject can withdraw consent for the personal data that they have provided.
When the Data Subject exercises such rights against the Company, please contact the Company as listed in "9. Contact for inquiries or complaints” in the Privacy Policy. If the Data Subject is dissatisfied with the response made to their request by the Company, or has a complaint regarding the personal data processing methods used by the Company, the Data Subject can file a complaint with the data protection supervisory authorities of the individual EU member states.
8. Automated decision-making, including profiling
The Company does not employ automated decision-making, including profiling, using personal data provided by Data Subjects.
9. Handling the personal data of children
When processing personal data for children under 16 years of age or who do not meet the age restrictions stipulated by Member State law, the Company shall appropriately process the information in accordance with GDPR Article 8 and Member State law.
10. Updates to this policy
The Company may make timely revisions or updates to this Policy. Updates to this Policy shall come into effect as soon as they are posted on this website.