GDPR Privacy Policy
of Fukuske Corporation

Last update: 15 October 2018

A) Purpose of this policy, etc.

1. Purpose of this privacy policy

This privacy policy aims to give you information on the way of processing (including, but not limited to, collection, use, storage, disclosure by transmission) by Fukuske Corporation (the “Company”, "we", "us" or "our" in this privacy policy) of personal data relating to an identified or identifiable natural person in the European Economic Area (“EEA”, and such natural person shall be “Data Subject” and such personal data shall be “Personal Data”) as a data controller (or a data processor, if applicable).

Consistent with our Global Code of Conducts and Ethics, we will respect the rights to privacy of individuals and comply with data protection and privacy related laws and regulations including EU General Data Protection Regulation 2016/679 (“GDPR”).

2. Contact details

If you have any questions about this privacy policy, please contact ERM Department of the Company at:

(a) (if sent by post) Kyoceraharajuku BLDG., 4F 6-27-8 Jingumae, Shibuyaku, Tokyo, 150-0001, Japan); or

(b) (if sent by email) email address of fukuske_medical.labo@fukuske.com

3. Third-party links

This website may include links to third-party websites. Clicking on those links or enabling those connections may allow third parties to collect or share personal data about you. We do not control these third-party websites and are not responsible for their privacy statements. Accordingly, when you leave our website, we encourage you to read the privacy policy of every website you visit.

B) Personal Data we collect about Data Subject

Personal Data means any information relating to Data Subject. It does not include data where the data subject is not or no longer identifiable (anonymous data).

We may process (including collect) Personal Data for various purposes including, but not limited to:

  • For Identification” (including, first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender);
  • For Contact” (including, billing address, delivery address, email address and telephone numbers);
  • For Marketing and Communications” (including Data Subject’s preferences in marketing from us and our third parties and Data Subject’s communication preferences); and
  • For Confirmation of Personal History” (including Data Subject’s skills, qualifications, job history and any other information that might be necessary to judge Data Subject’s suitability to the role).

Personal Data may be converted into statistical or aggregated data in such a way that Data Subject will not be identified or identifiable from it and may be used for analytical and research purposes.

C) How is Personal Data collected?

We collect Personal Data including through the following ways:

  • Direct collection:

    We may collect Personal Data directly from Data Subject by filling in a designated form and/or by corresponding with us by post, email or otherwise when Data Subject:

    • requests information on our products or services;
    • provides us with your business cards;
    • gives us feedback or contact us; or
    • applies to job roles and further take interview
  • Indirect collection:

    We may collect Personal Data about Data Subject from third parties (including, but not limited to, the organisation to which the Data Subject belongs) and/or public sources.

D) How we use Personal Data

1. Legal grounds for lawful processing of Personal Data

We will use Personal Data only when relevant laws and/or regulations (in particular, GDPR) allows us to do so.

When we process Personal Data, we will rely on at least one of the legal grounds for lawful processing (including, but not limited to the following applies):

  • Consent by Data Subject” (Processing Personal Data in the case where Data Subject has given consent to such processing for one or more specific purposes);
  • Performance of Contract” (Processing Personal Data in the case where it is necessary for the performance of a contract to which Data Subject is a party is the contract, or for taking steps at Data Subject’s request before entering into such a contract)
  • Compliance” (Processing Personal Data in the case where it is necessary for our compliance with a legal obligation)
  • Legitimate Interests” (Processing Personal Data in the case where it will be in the legitimate interest of the Company to carry out its operation and management of its business for provision of most suitable services and/or products).
    Before processing Personal Data, we will assess potential impacts (both positive and negative) on Data Subject and his/her rights and further make comparison between such impacts on Data Subject and the Company’s legitimate Interests. We do not use Personal Data if the adverse effect on Data Subjects and his/her rights exceeds the Company's legitimate interest. (Except for the case where we have obtained consent of Data Subject to such processing or where such processing is required or permitted by relevant laws and/or regulations).

2. Purposes for using Personal Data

We have set out below, in a table format, a description of typical (i) purposes for using Personal Data, (ii) types of Personal Data and (iii) legal grounds for lawful processing (including use) of Personal Data.
(We may process Personal Data for more than one legal ground depending on the specific purpose for using Personal Data.)

(i) Purposes for using Personal Data(ii) Types of Personal Data(iii) Legal grounds for lawful processing
1. To register a new customer (a) For Identification
(b) For Contact
(a) Consent by Data Subject
(b) Performance of Contract
(c) Legitimate Interests
(for administration purpose)
2. To implement relating to supply of goods or services including:
(a) placing (or receiving) order
(b) delivery (or take delivery)
(c) payment for fees, etc.
(d) administration of debts and credits
(a) For Identification
(b) For Contact
(a) Consent by Data Subject
(b) Performance of Contract
(c) Legitimate Interest
(for debt collection)
3. To manage contact details including:
(a) advising changes to relevant information on the Company
(b) asking for participation in a market survey
(a) For Identification
(b) For Contact
(a) Consent by Data Subject
(b) Performance of Contract
(c) Compliance
(d) Legitimate Interest
(for updating customer’s contact details and for investigation on products and/or services)
4. To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) For Identification
(b) For Contact
(a) Consent by Data Subject
(b) Legitimate Interest
(for management and provision of IT services, network security and for prevention of fraud)
(c) Compliance
5. To recruit new members of staff (including collection, storage and use of Personal Data obtained through job application, etc.) (a) For Identification
(b) For Contacts
(c) For Confirmation of Personal History
(a) Consent by Data Subject
(b) Legitimate Interest
(for recruiting individuals to our company and to make sure there is no miss-matching of the job requirement and the applicant)
(c) Compliance

3. Change to purpose, etc.

We will only use Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another purpose and such purpose is compatible with the original purpose.

If we need to use Personal Data for a purpose apparently irrelevant to the original purpose, we will try to obtain Data Subject’s consent by notifying applicable legal basis.

Notwithstanding the above, we may process Personal Data, without Data Subject’s knowledge or consent, if to do so is required or permitted by relevant laws and/or regulations.

E) Disclosure of Personal Data

We may disclose Personal Data to the following third parties, subject to availability of safety measure for protection of Personal Data and compliance with the relevant laws and regulations by such third parties:

  • Internal Third Parties
  • External Third Parties
  • Third parties, to whom we may choose to sell and transfer out business (or vice versa) or with whom merge

When we ask External Third Parties to process Personal Data on our behalf, we will not allow them to use Personal Data for their own purposes. We will permit them to process Personal Data only within the scope of our instructions and applicable relevant laws and regulations.

New owner of our business will be able to process (including use) relevant Personal Data to the same extent permitted by this policy.

For the purposes of interpretation of this part:

Internal Third Parties” shall include the ※TTC’s subsidiaries and affiliates in which ※TTC holds majority of its shares or interests (plus, specifically, Toyota Tsusho (Thailand) Co., Ltd.) in Japan and/or other countries, including, but not limited to ‘Principal Subsidiaries and Affiliates’, listed on the ※TTC’s website http://www.toyota-tsusho.com/english/company/group/, which may be updated from time to time.

※TTC:Toyoya Tsusho Corporation, located at 9-8, Meieki 4-chome, Nakamura-ku, Nagoya 450-8575, Japan. 100% share holder of the company.

External Third Parties” shall include the following third parties:

(a) service providers of Internal Third Parties in Japan and/or any other relevant countries (acting as their commissioned processors or joint controllers, etc. of Personal Data);

(b) professional advisers of Internal Third Parties in Japan and/or any other relevant countries (acting as their lawyers, accountants, auditors, financiers, insurers based and consultants, etc.; and

(c) any regulator and/or authority of personal data/ information/ privacy protection in Japan and/or any other relevant countries, which has authority to require reporting of processing activities, etc. in certain circumstances.

F) Transfer of Personal Data from EEA to Non-EEA

Disclosure of Personal Data mentioned in E) (Disclosure of Personal Data) above may include transfer of Personal Data from EEA to Non-EEA.

We transfer Personal Data from EEA to Non-EEA only if at least one of the following applies:

(a) transfer of Personal Data from EEA to a Non-EEA country where the European Commission confirms an adequate level of protection for Personal Data;

(b) transfer of Personal Data from EEA to a Non-EEA party to a data transfer (or, if appropriate, of processing) agreement with us, which includes standard contractual clauses designated by the European Commission (to give the same effect of protection as that of EEA); or

(c) at least one of the derogations set out in Article 49 (Derogations for specific situations) -1) of GDPR applies.

G) Data security

We limit access to Personal Data only to employees, agents, contractors and other persons who have a business need to know Personal Data of the Company and third parties mentioned in E) (Disclosure of Personal Data) above. They will be allowed to process Personal Data only within the scope of our instructions and be subject to a duty of confidentiality.

H) Retention period of Personal Data

We will retain Personal Data only to the reasonable extent necessary to achieve the purposes for collection of the same, e.g. for satisfaction of any legal, tax, accounting or other requirements.

We may retain Personal Data for a longer period in the event of complaint by Data Subject, or, if we reasonably believe, there is a prospect of litigation with Data Subject.

To determine the appropriate retention period of Personal Data, we will consider the amount, nature and sensitivity of the Personal Data; the potential risk of harm from unauthorised use or disclosure of Personal Data; purposes for processing Personal Data; prospect of achieving such purposes through other means, as well as the applicable legal, tax, accounting or other requirements.

I) Legal rights of Data Subject

1. Legal rights

Under certain circumstances, in relation to his/her Personal Data, Data Subject may have the following rights:

(a) to request access to Personal Data: (This enables relevant Data Subject to receive a copy of his/her Personal Data hold by us and to check the status of lawful processing of such Personal Data.)

(b) to request correction of Personal Data: (This enables relevant Data Subject to correct incomplete or inaccurate relevant Personal Data, though we may need to verify the accuracy of new data provided to us.)

(c) to request deletion of Personal Data: (This enables relevant Data Subject to ask us to delete relevant Personal Data if there is no good reason for us continuing to process it. However, we may not always be able to comply with Data Subject’s request to delete his/her Personal Data for specific legal reasons.)

(d) to object to inappropriate processing of Personal Data: (This enables relevant Data Subject to have an opportunity to check whether processing of relevant Personal Data is appropriate.)

(e) to request restriction on processing of Personal Data: (This enables relevant Data Subject to ask us to suspend the processing of his/her Personal Data in the following scenarios:
(i) if relevant Data Subject wants to confirm the accuracy of his/her Personal Data.
(ii) if relevant Data Subject wants to confirm the legal grounds for lawful processing of his/her Personal Data.

(f) to request the transfer of Personal Data to relevant Data Subject (or to a third party designated by him/her):

(g) to withdraw consent by Data Subject to process Personal Data: (This will not affect the lawfulness of any processing carried out before such withdraw. If Data Subject withdraws his/her consent, we may not be able to provide certain products or services to him/her. We will advise him/her if this is the case at the time of such withdrawal by Data Subject.)

Data Subject has the right to make a complaint to relevant supervisory authority in charge of data protection issues having competent jurisdiction. However, we would appreciate if Data Subject could give us chance to deal with Data Subject’s concerns in the first instance before Data Subject approaching such supervisory authority.

2. Cost, etc.

Basically, Data Subject does not have to pay any cost for exercising any of said rights.

However, we may ask Data Subject to bear reasonable cost if his/her request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to respond to Data Subject’s request in these circumstances.

3. Provision of additional information

We may need to request specific information from Data Subject to help us confirm his/her identity and secure Data Subject’s rights. This is a security measure to ensure that Personal Data will not be disclosed to any person who has no right to receive it.

We may also Data Subject to ask for further information in relation to his/her specific request to speed up our response.

4. Updates to this policy

This policy may be updated from time to time. You can find the latest version on our website.

[End of this policy]