The policy on the protection of personal data subject to the GDPR (hereinafter referred to as “This privacy policy”) applies only to the handling of personal data subject to the “REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC〔General Data Protection Regulation” (hereinafter referred to as the “GDPR”)〕.

1. Handling of Personal Data

For personal data subject to the GDPR (including such regulations if there are any applicable EU-laws or EU/EEA member state legislation for personal data protection), the Company treat personal data appropriately in accordance with the GDPR.

2. Data Privacy Manager

IRISO ELECTRONICS EUROPE GmbH
Address: Zettachring 10, 70567 Stuttgart-Fasanenhof, Germany
TEL:49-711-451049-0
FAX:49-711-451049-70

3. Types of Personal Data

The Company will handle the personal data of customers, shareholders, and employees (including job applicants and retirees, etc.) (hereinafter collectively referred to as the “Customers, etc.”) as required for the purpose stated in “4. Purposes of Use of Personal Data and Legal Evidence of Its Handling” (hereinafter referred to as “Legal Evidence”). This data includes the following personal data:

（1） Basic information
Name, address, telephone number, e-mail address, employee information (your company name, department, position, address, telephone (fax) number, etc.), gender, bank account information, etc.
（2） Transaction information
Records pertaining to transactions with the Customers, etc.
（3） Information collected on websites etc.
Access logs to the website of the Company (IP addresses, Cookie, etc.)

4. Purposes of Use of Personal Data and Legal Evidence of the Handling

（1） Purposes of Use of Personal Data
The Company will handle the personal data of the Customers etc. appropriately within the scope of the following objectives.

1. To inform the Customers, etc. of The Company’s products
2. To provide campaigns and events for the Customers, etc.
3. To improve customer service, including market research, data analysis, and the planning and development of products and services
4. To control the data of the Customers, etc.
5. To manage the progress of transactions with the Customers
6. To conduct questionnaires to the Customers, etc.
7. To respond to the inquiries from the Customers, etc.
8. For marketing research and analysis
9. To report and notify government agencies and industry associations
10. For management of shareholders
11. To contact and deliver documents to shareholders
12. For recruitment selection and post-recruitment personnel management
13. To prepare various personnel data and have post-retirement communications
14. For joint use with persons stated in the sections 3 (1)
15. To handle operations incidental or related to the purposes 1-13 above

(2) Legal basis for the handling of personal data
The Company treats the personal data of the Customers, etc. based on any of the legal grounds set forth in Articles 6 and 7 of the GDPR. The Company also treats personal data that require special consideration, such as the union membership, religious opinions, and health conditions of the Customers etc., in accordance with the standards stipulated in Articles 9 and 10 of the GDPR.

(3) The Company will identify the personal data of the Customers, etc. for the above purposes, treat such data for clear and legitimate purposes, and notify the Customers, etc. if the Company treats such data in other ways which are not compatible with those purposes.

5. The Company’s Legitimate Interests

The Company has legitimate interests in the handling of personal data in order to provide services and products to the Customers, etc. and to manage the businesses and employees of the Customer.

6. Disclosure of Personal Data to Third Parties

The Company may disclose or share the personal data of the Customers, etc.to the following third parties. Also, if the Company discloses or shares the personal data of the Customers, etc. to data processors, the Company establishes an appropriate legal framework (Articles 26, 28 and 29 of the GDPR).

（1）Corporate affiliates
The Company may share the personal data of the Customers, with all corporate affiliates. (URL:/en/company/office/)

(2) Integration and Abolition of Various Enterprises
In the event of a corporate merger, corporate reorganization or civil rehabilitation, acquisition, joint venture, transfer, sale or disposition (including in connection with any bankruptcy or similar proceedings) of all or any portion of the Company’s business, the Company may transfer any personal data to the relevant third party.

(3) Service provider
The Company may share the personal data of the Customers, etc. with companies that provide the Company with a variety of services including hosting, maintenance, support services, e-mail services, marketing, auditing, handling the orders of the Customers, etc., payment processing, data analyses, providing customer services, conducting customer surveys and satisfaction surveys, etc. The Company may currently share the personal data of the Customers, etc. with service providers.

(4) Compliance
When compliance with the EU law or the laws and regulations of EU/EEA member states is required, the personal data of the Customers, etc. may be disclosed or provided to the parties stipulated by authorities or laws.

7. Transfer of Personal Data to Third Countries Outside the EU/EEA

In the event that the personal data of the Customers, etc. is transferred to countries or regions outside the EU/EEA, the Company will transfer the personal data of the Customers, etc. upon concluding standard contractual provisions or standard data protection provisions as appropriate protection measures in accordance with the provisions of the GDPR and applicable laws and regulations of EU/EEA member states (Article 44 et seq. of the GDPR).

8. Retention Period

The Company will store the personal data of the Customers, etc. for the time necessary to comply with our legal obligations or to ensure that appropriate services are provided.

9. Rights of the Customers, etc.

（1） In the event of a request from an individual or an agent with regard to the retained personal data, The Company will respond to the request in the ways as follows according to the GDPR.

1. Acquisition of information on the handling of the personal data of the Customers, etc. The Customers, etc. reserves the right to obtain from the Company all material information relating to the handling of our personal data relating to the Customers, etc. (Articles 13 and 14 of the GDPR)
2. Access to the personal data of the Customers, etc. Customers, etc. have the right to obtain our verification as to whether or not the personal data of the Customers, etc. is handled and, if so, have the right to have access to the personal data of the Customers, etc. and relevant information (Article 15 of the GDPR).
3. Correction or deletion of the personal data of the Customers, etc. The Customers, etc. has the right to have inaccurate personal data of the Customers, etc. corrected without undue delay and to incomplete personal data of the Customers, etc. , if any (Article 16 of the GDPR). In addition, if certain requirements are met, the Customers, etc. have the right to delete the personal data of the Customers, etc. without undue delay (Article 17 of the GDPR).
4. Restrictions on the handling of the personal data of the Customers, etc. If certain requirements are met, the Customers, etc. reserve the right to impose restrictions on the handling of the personal data of the Customers, etc. (Article 18 of the GDPR).
5. Objection to the handling of the personal data of the Customers, etc.: If certain requirements are met, the Customers, etc. reserve the right to object to the handling of the personal data of the Customers, etc. at any time on the grounds of the specific situations of the Customers, etc. (Article 21 of the GDPR).
6. Data Portability of the personal data of the Customers, etc.: If certain requirements are met, the Customers, etc. may have the right to receive the personal data of the Customers, etc. in a structured, machine-readable and generally accessible form and to forward such the personal data of the Customers, etc. to another data privacy manager without the Company’s interference (Article 20 of the GDPR).
7. Personal data that is not subject to automated decisions: If certain requirements are met, the Customers, etc. has the right to be excluded from automated decisions (including profiling) that have legal or equivalent effects on the Customers, etc. on the basis of the handling of the personal data of the Customers, etc. (Article 22 of the GDPR).

10. Right to Withdraw Data Treatment Based on the Consent and Consent

By declaring the intention to this privacy policy, the Customers, etc. have agreed to the Customers’ handling of personal data, and the Company will handle the personal data of the Customers, etc. in accordance with the consent of the Customers, etc.’. However, the Customers, etc. may withdraw such consent at any time.

11. Right to File an Objection with Supervisory Authorities

The Customers, etc. may file an objection with supervisory authorities in the event of any objections regarding the Company’s handling of the personal data of the Customers, etc. or in the event of any objections regarding how the Company handles the personal data of the Customers, etc..

12. Voluntary Provision of Personal Data

The provision of personal data is neither a legal or contractual requirement nor a requirement for the conclusion of a contract, unless a separate contract has been entered into between the Customers, etc. and the Company. The Customers, etc. are not obligated to provide personal data. However, if the Customers are unable to provide personal data, the Company may not be able to respond to inquiries, etc.

13. No Automated Decision Including Profiling

The Company may analyze access logs on the Company’s site, but the Company does not use the provided personal data for automated processing (including profiling) to analyze and predict the personal preferences and actions of the data subject, or make decisions that may have a legal impact on the data subject.

14. Cookie

The Company may use the cookies and similar technologies for provision of services. These technologies will help the Company understand the usage situations of services and contribute to the improvement of services. Users who wish to invalidate cookies can invalidate the cookies by changing the web-browse setting. However, the invalidation of the cookies may cause you to be unable to use some of the Company’s services.

15. Inquiries

For inquiries about protecting the personal data of the Customers, etc., please send them to the following address.
Contact: Personal Information Protection Section, Human Resources and General Affairs Department, IRISO ELECTRONICS CO., LTD.
Address: 2-13-8, Shinyokohama, Kohoku-ku, Yokohama, Kanagawa ZIP 222-0033, Japan
Telephone Number: +81-(0)45-478-3111
E-mail: somu@iriso.co.jp

16. Renewal of this Privacy Policy

(1) The Company may change the privacy policy. Any changes to the privacy policy will be effective at the same time as the revised version of the privacy policy is posted via this website. In the event of any changes that the Company considers as significant, the Company will inform the data subject to the extent possible through this website and, in some cases, ask for the consent of the data subject.

(2) In the event that any provision of the privacy policy conflicts with any law or regulation, such provision shall be replaced by a provision reflecting such intent of the initial provision to the extent permitted by law. In such case, the other provisions shall continue to be applied without change.

26/04/2019