This Policy applies to the Processing of Personal Data by Tohoku Steel Co., Ltd. (“Tohoku Steel”, or “we”/“us”/“our”) regarding its contact persons (“Business Partner Contact”/“you”/“your”) at customers, dealers, distributors, contractors and subcontractors, suppliers and professional advisers (“Business Partners”). We recognize the importance of Personal Data and the need to observe applicable laws and regulations governing the protection of Personal Data, in order to Process Personal Data in a lawful and appropriate manner.
In this Policy:
We may collect information that you provide to us, whether by means of a form on our website, by email, in a letter, or otherwise, such as your name, company name, address, division, title, email address and phone number. In some circumstances, we may be provided such information relating to you by another organization.
When you visit our website, we may automatically collect technical information about your equipment and your interaction with the website, including cookies and your IP address.
We use the Personal Data that we hold about you for the following purposes (and only to the extent necessary to fulfil those purposes):
We may share your Personal Data, without your prior consent, with the following categories of recipients. We may also supply or disclose Personal Data to third parties when it is necessary for another justifiable reason permitted by laws and regulations.
Affiliates: We may share your Personal Data with our Affiliates;
(Joint use of Personal Data)
Under Japanese law, we may share your Personal Data with our Affiliates in the framework of joint use under the Act on the Protection on Personal Information, the details of which are as follows:
|Entity with which personal data is shared
|Affiliates (please refer to the companies listed in the "Domestic Group" section of our website (https://www.daido.co.jp/en/about/index.html) for the scope of “Affiliates”)
|Purpose of sharing
|Personal data to be shared
|Name, age, gender, date of birth, name of company/organization, department, title/position, qualifications, personal history and contact information.
|Party responsible for management of personal data
|Affiliates that acquire and share the relevant Personal Data.
Please refer to Section 9 below for our address and the name of our representative.
Service providers: We may disclose your Personal Data to service providers, including IT service providers.
We will retain the Personal Data that we collect for the period necessary to Process such Personal Data, and for a term not exceeding 10 years after the completion of our business, except to the extent that we are required by law to retain it for a longer period of time, in which case, we will retain it for the period required by law.
You have a number of legal rights in relation to the Personal Data that we hold about you. These rights may vary depending on where you are located and which data protection laws apply to the relationship between you and us, but typically will include the following:
You may exercise any of your rights by contacting us, using the information about us indicated in Section 9 below. You also may lodge a complaint with the data protection authority if you believe that any of your rights have been infringed by us.
We take all necessary and appropriate security control measures, including measures to prevent the leakage, loss, or damage of Personal Data to be Processed, such as establishing rules for the Processing of Personal Data, training of employees in the Processing of Personal Data, and prevention of theft or loss of equipment Processing Personal Data.
You may obtain further details about the security control measures we have in place in relation to the Processing of your Personal Data by contacting us using the information about us indicated in Section 9 below.
If you have any questions about this Policy, your rights, or any other matter relating to the protection of your Personal Data, please contact us at the following address:
This section applies to Business Partner Contacts in the EEA and the UK.
The legal basis for Processing your Personal Data is as follows:
Your Personal Data may be transferred to, and stored by, a third party outside the EEA or the UK. Where we transfer your Personal Data to a third party outside the EEA or the UK, we will ensure that:
In the absence of the aforementioned appropriate safeguards, we may – to the extent permitted under and in accordance with the GDPR - rely on a derogation applicable to the specific situation at hand (e.g. the data subjects’ explicit consent, the necessity for the performance of a contract, the necessity for the establishment, exercise or defense of legal claims). You can obtain more details of the protection given to your personal data when it is transferred outside the EEA or the UK by contacting us using the information about us indicated in Section 9 above.
This section applies to Business Partner Contacts in Thailand.
The legal basis for Processing your Personal Data is as follows:
Your Personal Data may be transferred to, and stored by, a third party outside Thailand. Where we transfer your Personal Data to a third party outside Thailand, we will ensure that:
This section applies to Business Partner Contacts in China.
We handle the collection, storage, use, processing, transmission, provision, disclosure, and deletion of Personal Data.
When handling sensitive personal information, we shall take the measures required by the Personal Information Protection Law of the People's Republic of China (hereinafter referred to as the "Law" in this item), such as informing Business Partner Contacts of the necessity of handling sensitive personal information and its impact on personal rights and interests.
In the event that we provide your Personal Data to a third party other than a contractor to whom we entrust the Processing of Personal Data, we will take the measures required by law, such as notifying you of the name or names of the third party, contact method, purpose of Processing, Processing method, and type of Personal Data.
In addition, if we provide your Personal Data to a third party outside of China, we will take the measures required by law, such as notifying you of the name of the third party, contact method, purpose of Processing, Processing method, type of Personal Data, and methods and procedures for exercising the rights stipulated by law against the third party.