Privacy Policy for EU Personal Data

 We, Daicel Corporation, acknowledge the importance of your personal data, and are committed to respecting your privacy as applied to any EU Personal Data of natural persons whose personal data we process in the course of providing our products and services and website visitors from the EU or where Applicable Laws so provide. This Privacy Policy explains how we, in our capacity of a Data Controller, collect, use, disclose, retain and protect your personal data when we provide our products and services to our customers and on our website.
For the definition of certain terms used in this Privacy Policy, please refer to Appendix 1. This Privacy Policy may be complemented by additional notices and policies, which provide more detailed information about particular processing activities.

1.Collection of Personal Data

We seek to only collect personal data for specified, explicit and legitimate purposes, and to notify you in advance of the processing of such data for these purposes, as required under the GDPR or other Applicable Laws.We may collect, process and share with our affiliates, the personal data collected directly from customers, business clients or other parties for the purposes of conducting our business as set forth below.

2.Disclosure of Personal Data to Affiliates and Third Parties

We share your personal data with other Daicel Group entities for all the purposes specified herein. The entities with which we may share your personal data can be found here.
We disclose the personal data, subject to appropriate contractual safeguards, as applicable, to our service providers who process such data on our behalf and upon our instructions. These include:
  1.  a)technical support providers who assist with our website and IT infrastructure,
  2.  b)our payment solutions providers for processing payments;
  3.  c)third party software providers, including ‘software as a service’ solution providers, where the provider hosts the relevant personal data on our behalf; and/or
  4.  d)our advertising and promotional agencies and consultants and those organisations selected by us to carry out marketing campaigns on our behalf.
We share your personal data with other companies, vendors and business partners which perform certain functions for us, whereby these companies are themselves responsible to determine the purposes and/or means of the processing and for the lawfulness of the processing, namely:
  1.  a)professional advisers such as solicitors, accountants, tax advisors, auditors and insurance brokers; and/or
  2.  b)providers that help us generate and collate reviews in relation to our goods and services.
We may also disclose personal data to buyers, lawyers or professional advisors, courts, tribunals, opposing or other related parties to the proceedings and their professional advisors, where needed to affect the sale or transfer of business assets, to defend or enforce our rights, protect our property, assets or safety of others. We will also disclose personal data when required to do so by law, such as in response to a subpoena, including to law enforcement agencies, tribunals and courts in countries where Daicel Group operates.

3.International Data Transfers

With respect to any international transfers of personal data, such transfers shall be made with appropriate safeguards in place to protect the personal data so transferred as required under the GDPR and other Applicable Laws.
Some of the third parties with whom we share personal data are also located outside the EEA. Certain third countries have been officially recognized by the European Commission as providing an adequate level of protection (see here). Transfers to third parties located in other third countries outside the EEA take place using an acceptable data transfer mechanism, such as, the EU standard contractual clauses for data transfers ( see here), Binding Corporate Rules (see here), approved Codes of Conduct and certifications, or in exceptional circumstances on the basis of permissible statutory exceptions.

The transfer of your personal data outside the EEA within the Daicel Group takes place on the basis of our intra-group data transfer agreement, which is based on the European Commission’s standard contractual clauses for data transfers, and in accordance with Applicable Laws.

4.Purposes and Legal Bases of Use

We may use your personal data for the following legitimate business purposes on the following legal bases, namely for the fulfillment of a contract between us, due to a legal obligation, with your consent or explicit consent, as the case may be, legitimate interests as outlined below, in order to protect the vital interests of you or other individuals, for the establishment, exercise or defense of a legal claim or as otherwise allowed under the GDPR or other Applicable Laws:
  1. (1)Individual or Corporate Customers
    1. To provide the products and/or services relating to our business;
    2. To perform our obligations under a contract with you;
    3. To notify you of information concerning our products and/or services or related products and/or services thereof;
    4. To invite you to our events, including exhibitions, briefings, viewings, networking and seminars;
    5. To conduct marketing survey or to request feedback from you;
    6. To respond to inquiries, document requests and other requests;
    7. To achieve any other purpose which you agreed to in advance.
  2. (2)Existing or Prospective Contractors, Business Partners and Vendors
    1. To provide and receive products and/or services relating to our business;
    2. To perform our obligations under the contract with you or necessary actions to conclude the contract;
    3. To notify you of, and receive information concerning products and/or services with which we are dealing;
    4. To communicate invitations regarding exhibitions, briefings, viewings, networking, seminars or other events, respond to inquiries or document requests.
  3. (3)Shareholders, Job Candidates, Retirees and Members of Organizations to which we are a member
    1. To achieve our business purposes relating to them including notifications, organizing meetings and responding do queries.
  4. (4)Residents Neighboring Daicel Facilities
    1. To make evacuation directive and other necessary contact at the time of any emergency situation, such as natural disaster and other similar situation.
  5. (5)General Notice regarding Daicel Facility Security Measures and Cameras
    1. These are used to maintain security, to prevent crime and to ensure safety within the premises.

5.Categories of Personal Data We May Collect

In order to facilitate the above Purposes of Use, we may collect your name, address, email, telephone, title, bank and/or payment details, and other identifying information, as appropriate, including for website visitors, IP address, MAC address and cookie data, and for visitors to our facility, video camera images.
To enable our customers revisiting this Website to browse it with greater convenience, we may place data files known as "cookies" on our customer's computer, where that data will be stored on the hard disc. While these cookies are not primarily used to identify individual customers, although they may collect personal data, it is possible for our customers to block or delete the cookies placed through this website or perform other functions by changing the settings of their Internet browser.

6.Personal Data Retention

We will process your personal data only for as long as is necessary for the purposes for which it was collected in connection with the provision of services or in the course of our relationship, unless we have a legal right or obligation to retain the data for a longer period, if the data is necessary for the establishment, exercise or defense of legal claims or in order to comply with legal obligations under Applicable Laws. Personal data are classified and managed pursuant to Daicel Corporation’s internal procedures and policies, as the case may be.

7.Your Data Protection Rights

The following rights that the GDPR provides you with in relation to the processing of your personal data, apply to you only if you are visiting our website or using our Service from and in the EU, or where Applicable Laws so provide.:
  1.  ・Request access to personal data about you (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you, and to check that we are lawfully processing it.
  2.  ・Request rectification, correction, or updating to any of the personal data that we hold about you. This enables you to have any inaccurate, incomplete our outdated information we hold about you corrected and completed.
  3.  ・Request personal data provided by you to be transferred in machine-readable format (“data portability”).
  4.  ・Request erasure of personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove personal data where you have exercised your right to object to processing (see below).
  5.  ・Request the restriction of processing of your personal data.This enables you to ask us to suspend the processing of personal data about you (e.g. if you want us to establish its accuracy or the reason for processing it).
  6.  ・Object to the processing of your personal data in certain circumstances. You have the right to object to the processing of your personal data on grounds relating to your particular situation. You may also object at any time to the processing of your personal data for marketing purposes. (Please note that even if you object to your use of personal data for direct marketing purposes, we will still send you transactional messages in relation to services that you have purchased from us. These include responses to your questions and information about a service you have purchased from us.)
  7.  ・Refusal or withdrawal of consent. You are free to refuse to give consent (for example, when setting cookies on your device or for direct marketing) and if we rely on your consent you may withdraw (with effect for the future) your consent at any time without any adverse negative consequences. The lawfulness of any processing of your personal data that occurred prior to the withdrawal of your consent will not be affected.
  8.  ・Right to lodge a complaint. You also have the right to lodge a complaint with a supervisory authority, in particular in EU Member State of your residence, place of employment, or the location where the issue that is the subject of the complaint occurred.
These rights listed may be subject to various conditions under Applicable Laws.
If you would like to exercise any of your rights set out above, you can contact us by email or post using the contact details below.

8.Inquiries Concerning Personal Data

Should you have any inquiries regarding any of the above or want to receive a copy of the data transfer mechanisms used, please direct your questions:
Personal Information Protection Office
Daicel Corporation. Tokyo Head Office
JR Shinagawa East Bldg.
Konan 2-18-1, Minato-ku, Tokyo, Japan
personal_information@jp.daicel.com
August 1st, 2018
Daicel Corporation.

Appendix 1

Definitions

Daicel Corporation or Daicel means Daicel Corporation, JR Shinagawa East Bldg., 2-18-1, Konan, Minato-ku, Tokyo 108-8230, Japan.
Data Controller means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by EU Member State’s national or EU laws or regulations, the controller or the specific criteria for his nomination may be designated by EU Member State’s national or EU law.
GDPR means the EU General Data Protection Regulation 2016/679 and any other implementing legislation.
Applicable Laws means all the laws, regulations, ordinances or other standards that apply to the personal data collected, including, as it may apply, the GDPR.
Data Subject means identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Among others, Daicel processes personal data of the following Data Subjects:
  • ・Individual or Corporate Customers;
  • ・Existing or Prospective Contractors, Business Partners and Vendors;
  • ・Shareholders, Job Candidates, Retirees and Members of Organizations to which Daicel Corporation is a member;
  • ・Residents of Neighboring Daicel Facilities;
  • ・Those affected by Daicel Facility Security Measures, including cameras.
Daicel Group means Daicel Corporation and its corporate affiliates and subsidiaries.
Personal Data means any information relating to a Data Subject.
Processing means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means (e.g., computers), such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.