For EEA Personal Data and for Californian Personal Data
1. Processing of Personal Data related to your business relationship with us
Categories of Personal Data processed, purpose of the processing
In the context of the business relationship with us, we may process the following categories of Personal Data of current and future contact persons at our customers, suppliers, vendors and partners (each a “Business Partner”):
- Contact information, such as full name, title, address, telephone number, mobile phone number, fax number and email address;
- Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card number, security code numbers, tax ID, bank account and other related billing information;
- Further information necessary processed in a project or contractual relationship with us or voluntarily provided by the Business Partner, such as Personal Data relating to orders placed, payments made, requests, and project milestones;
- Personal Data collected from publicly available resources, integrity data bases and credit agencies;
- If legally required for Business Partner compliance screenings: date of birth, ID numbers, identity cards and information about relevant and significant litigation or other legal proceedings against Business Partners; and
- Applicant’s information (such as name, address, age, birth date, sex, phone number, face photograph, email address, results of aptitude test, sheet recording the interview results, status of residence and expiration date thereof and marital status), payment related information (such as decision method for annual and monthly earning, bonus and salary), HR information (such as educational background, qualification/license, title and professional background), and family and relative information (such as presence of dependents).
We may process the Personal Data for the following purposes:
- Communicating with Business Partners about products, services and projects of us or Business Partners, e.g. by responding to inquiries or requests or providing you with technical information about purchased products;
- Planning, performing and managing the (contractual) relationship with Business Partners; e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services;
- Administrating and performing customer surveys, marketing campaigns, market analysis, sweepstakes, contests, or other promotional activities or events;
- Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities; - Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, Business Partner compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards;
- Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims; and
- Reviewing and deciding employment and employment conditions and responding to enquiries and business communication.
We are not allowed to process Personal Data if we cannot rely on a valid legal ground. Therefore, we will only process your Personal Data when:
- We have obtained your prior unambiguous consent;
- The processing is necessary to perform our contractual obligations towards you or to take pre-contractual steps at your request;
- The processing is necessary to comply with our legal or regulatory obligations;
- The processing is necessary to protect your vital interests or those of another natural person;
- The processing is necessary for our legitimate interests except where they are overridden by your interests or fundamental rights and freedoms.
Generally, the legitimate interest pursued by us in relation to our use of your Personal Data is the efficient performance or management of our business relationship with you.
In some cases, we may ask if you consent to the relevant use of your Personal Data. In such cases, the legal basis for our processing that data about you may (in addition or instead) be that you have consented.
2. Transfer and disclosure of Personal Data
We will not transfer/disclose your Personal Data to third parties for their own independent marketing or business purposes without your consent. However, we may transfer/disclose your Personal Data to the following entities:
A. Third party recipients of the Personal Data
We may transfer/disclose your Personal Data to the following entities:
- Our Group Companies
We may need to transfer your Personal Data to other our group companies to provide the products and/or services you require or any other assistance you request, to create, improve and conduct our business with you.
- Service Providers
We use third party service providers to help us by providing IT services (e.g., hosting or IT maintenance and support services), accounting services (e.g., audit), payment services, delivery services and/or business support service on our behalf. We share your Personal Data about you with such third-party service providers solely for the purpose of enabling them to perform services on our behalf and they will operate only in accordance with our instructions. Here are examples of third party service providers we use: Analytics Service Providers --- analytics providers are used to assist us in understanding the usage of our website, to enable us to improve our website.
- Third Parties when required by Law or to Protect our Business
We will disclose your Personal Data to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; to protect our customers; to operate and maintain the security of our website; or to establish, exercise or defend the rights or property of us or legal claims.
- Other Parties in connection with Corporate Transactions
We may disclose your Personal Data to a third party (or other our group companies) as part of a reorganization, merger, transfer, sale, joint venture, assignment or other disposition of all or any portion of our business, assets or stock, including, without limitation, in connection with any bankruptcy or similar proceeding.
- Other Parties with Your Consent or at Your Direction
We may share your Personal Data with third parties when you consent to or request such sharing.
B. International Transfer of Personal Data
The Personal Data that we collect from you may be stored and processed in your region, or transferred to, stored at or otherwise processed outside your region, including but not limited to Japan or in any other country and where we or service providers maintain facilities.
Sometimes the recipients to whom we transfer your Personal Data are located in countries in which applicable laws do not offer the same level of data protection as the laws of your home country. In such cases, we take measures to implement appropriate and suitable safeguards for the protection of your Personal Data. In particular, we transfer EEA Personal Data to external recipients in such countries only if the recipient has (i) entered into EU Standard Contractual Clauses with us, (ii) implemented Binding Corporate Rules in its organization or (iii) – in case of US recipients – the recipient is certified under the Privacy Shield. You may request further information about the safeguards implemented in relation to specific transfers by contacting Contact Form.
3. Records of Data Processes
We handle records of all processing of Personal Data in accordance with the obligations established by the EU’s General Data Protection Regulation (hereinafter referred to as “GDPR”), both where we might act as a controller or as a processor. In these records, we reflect on all the information necessary to comply with the GDPR and cooperate with the supervisory authorities as required.
4. Security Measures
5. Notification of Data Breaches to the Competent Supervisory Authorities
In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, EEA Personal Data transmitted, stored or otherwise processed, we have the mechanisms and policies in place to identify it and assess it promptly. Depending on the outcome of our assessment, we will make the requisite notifications to the supervisory authorities and communications to the affected data subjects, which might include you.
6. Processing Likely to Result in High Risk to your Rights and Freedoms
We have mechanisms and policies in place to identify data processing activities that may result in high risk to your rights and freedoms. If any such data processing activity is identified, we will assess it internally and either stop it or ensure that the processing is compliant with the GDPR or that appropriate technical and organizational safeguards are in place to proceed with it.
In case of doubt, we will contact the competent Data Protection Supervisory Authority to obtain their advice and recommendations.
7. Retention Period
Unless indicated otherwise at the time of the collection of your Personal Data (e.g. within a form completed by you), we erase your Personal Data if the retention of that Personal Data is no longer necessary (i) for the purposes for which they were collected or otherwise processed, or (ii) to comply with legal obligations (such as retention obligations under tax or commercial laws).
8. Withdrawal of Consent
In case you declared your consent for the processing of certain Personal Data by us, you have the right to withdraw the consent at any time with future effect, i.e. the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal. If the consent is withdrawn, we may only further process the Personal Data where there is another legal ground for the processing.
9. Your Rights
We will collect, store and process your Personal Data in accordance with your rights under any applicable law. Under applicable data protection law, you have the following rights regarding the Personal Data collected, stored and processed by us. However, we may not respond all or part of such request in case where the response (a) may damage life/body/property or other right and interest of the relevant individual or a third party, (b) may significantly disturb appropriate implementation of our business operations, or (c) violates other laws and regulations.
- Information regarding your Personal Data processing: You have the right to obtain from us all requisite information regarding our data processing activities that concern you.
- Access to Personal Data: You have the right to obtain from us confirmation as to whether or not your Personal Data are being processed, and, where that is the case, access to the Personal Data and certain related information.
- Rectification or erasure of Personal Data: You have the right to obtain from us the rectification of inaccurate Personal Data concerning you without undue delay, and to complete any incomplete Personal Data. You may also have the right to obtain from us the erasure of your Personal Data without undue delay, when certain legal conditions apply.
- Restriction on processing of Personal Data: You may have the right to obtain from us the restriction of processing of your Personal Data, when certain legal conditions apply.
- Objection to processing of Personal Data: You may have the right to object, on grounds relating to your particular situation, at any time to processing of Personal Data concerning you, when certain legal conditions apply.
- Data portability of Personal Data: You may have right to receive your Personal Data in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without our hindrance, when certain conditions apply.
- Not to be subject to automated decision-making: You may have the right not to be subject to automated decision-making (including profiling) based on the processing of your Personal Data, insofar as this produces legal or similar effects on you, when certain conditions apply.
Californian Personal Data
In the case of Californian Personal Data, a Californian Consumer has the right to request us to disclose to the Californian Consumer the following pursuant to the Californian Consumer Protection Act:
- The categories of Californian Personal Data we have collected about the Californian Consumer.
- The categories of sources from which the Californian Personal Data is collected.
- The business or commercial purpose for collecting or selling the Californian Personal Data.
- The categories of third parties with whom we share the Californian Personal Data.
- The specific pieces of the Californian Personal Data that we have collected about the Californian Consumer.
In addition to the above, the Californian Consumer has the right to direct us not to sell the Californian Personal Data of the Californian Consumer, and to request us delete the Californian Personal Data about the Californian Consumer. Moreover, we will not discriminate against the Californian Consumer even though the Californian Consumer exercised any of his or her rights.
If you wish exercise any of the rights above, please refer to the contact section below.
A small text file that we put on your computer. If we use a Cookies in relation to your use of our website, our web server can, for example, track and record information about which pages in our website your computer visits. It is not possible for us to identify you through the Cookies that we use, unless and until you enter personal information onto our website.
We use “analytics” cookies. These, along with other information, allow us to calculate the aggregate number of people using the website and which features of our website are most popular. We use this information to improve the website.
The ULVAC Data Protection Organization provides support with any data privacy related questions, comments, concerns or complaints or in case you wish to exercise any of your data privacy related rights. The ULVAC Data Protection Organization may be contacted at: Contact Form.
The ULVAC Data Protection Organization will always use best efforts to address and settle any requests or complaints you bring to its attention. Besides contacting the ULVAC Data Protection Organization, you always have the right to approach the competent data protection authority with your request or complaint.
A list and contact details of local data protection authorities in the EU is available here.
Data Protection Organization
ULVAC-PHI, Inc. 2500 Hagisono Chigasaki, Kanagawa 253-8543 Japan