Privacy Policy
1. About
this Policy
This Policy
applies to the Processing of Personal Data by DAIDO STEEL (SHANGHAI) CO., LTD.
(“DSS”) regarding its contact persons (“Business Partner Contact”/ “you”/ “your”)
at customers, dealers, distributors, contractors and subcontractors, suppliers
and professional advisers (“Business Partners”). We recognize the importance of
Personal Data and the need to observe applicable laws and regulations governing
the protection of Personal Data, in order to Process Personal Data in a lawful
and appropriate manner.
2. Definitions
In
this Policy:
(a) “Personal Data” means any information
relating to an identified or identifiable natural person;
(b) “Process/Processing” means any activity
or operation that is carried out in respect of the Personal Data, such as
collecting, storing, using, transferring, or deleting it.
3. How we
collect your Personal Data and what Personal Data we collect
We may collect
information that you provide to us, whether by means of a form on our website, by
email, in a letter, or otherwise, such as your name, company name, address,
division, title, email address and phone number. In some circumstances, we may
be provided such information relating to you by another organization.
4. Purpose
of Processing Personal Data
We use the Personal Data
that we hold about you for the following purposes (and only to the extent
necessary to fulfil those purposes):
(a) to
communicate with Business Partners;
(b) to
respond to inquiries, requests, etc. from Business Partners;
(c) to
provide information on products, services, events, etc. and to conduct public
relations activities;
(d) to
perform duties related to the performance of contracts and transactions with Business
Partners and to perform related and incidental duties;
(e) to
conduct research and development activities and related and incidental
operations;
(f) to
submit various applications and reports to government and public agencies;
(g) to
carry out various internal and external group activities and related and
incidental operations;
(h) to
communicate with Affiliates, subcontractors, etc. and to exchange information
necessary for the performance of business; and
(i) to
carry out other business activities of the DSS and other operations related or incidental to the above purposes.
5. Disclosure
of Personal Data to recipients and joint use of Personal Data
We may share your Personal
Data, without your prior consent, with the following categories of recipients.
We may also supply or disclose Personal Data to third parties when it is
necessary for another justifiable reason permitted by laws and regulations.
(a) Affiliates:
We may share your Personal Data with our Affiliates;
(Joint
use of Personal Data)
Under
Japanese law, we may share your Personal Data with our Affiliates in the
framework of joint use under the Act on the Protection on Personal Information,
the details of which are as follows:
Entity with which personal data is shared |
Affiliates
(please refer to the companies listed in the "Domestic Group"
section of our website (https://www.daido.co.jp/en/about/index.html) for the scope of “Affiliates”) |
Purpose of sharing |
to provide information and
contacts regarding various products, services, events, etc. offered by Affiliates; to respond to inquiries
and requests from Business Partners; and to properly and smoothly carry
out other Daido Group operations. |
Personal data to be shared |
Name,
age, gender, date of birth, name of company/organization, department,
title/position, qualifications, personal history and contact information. |
Party responsible for
management of personal data |
Affiliates that acquire and share the relevant Personal Data. Please refer to Section 9 below
for our address and the name of our representative. |
(b) Service
providers: We may disclose your Personal Data to service providers, including
IT service providers.
6. Storage
period for Personal Data
We will retain the
Personal Data that we collect for the period necessary to Process such Personal
Data, and for a term not exceeding 7 years after the completion of our business,
except to the extent that we are required by law to retain it for a longer
period of time, in which case, we will retain it for the period required by
law.
7. Your rights
You have a number of legal rights in relation to the Personal Data that
we hold about you. These rights may vary depending on where you are located and
which data protection laws apply to the relationship between you and us, but
typically will include the following:
(a) Right to obtain information regarding the Processing
of the relevant Personal Data and to access the relevant Personal Data that we
hold;
(b) Right to request rectification of the relevant
Personal Data if it is inaccurate or incomplete;
(c) Right to request erasure of the relevant Personal
Data in certain circumstances;
(d) Right to request that we restrict our Processing
of the relevant Personal Data in certain circumstances;
(e) Right
to object to our Processing of the relevant Personal Data;
(f) Right to receive the relevant Personal Data in a structured, commonly used, and machine-readable format and/or to request that we directly
transmit such Personal Data to a recipient where this is
technically feasible; and
(g) Right to withdraw your consent to our Processing
of the relevant Personal Data at any time.
You may exercise any of your rights by contacting us, using the information
about us indicated in Section 9 below. You also may lodge a complaint with the data
protection authority if you believe that any of your rights have been infringed
by us.
8. Security
control measures
We take all necessary
and appropriate security control measures, including measures to prevent the
leakage, loss, or damage of Personal Data to be Processed, such as establishing
rules for the Processing of Personal Data, training of employees in the
Processing of Personal Data, and prevention of theft or loss of equipment
Processing Personal Data.
You may obtain further
details about the security control measures we have in place in relation to the
Processing of your Personal Data by contacting us using the information about
us indicated in Section 9 below.
9. Contact
details
If you have any
questions about this Policy, your rights, or any other matter relating to the
protection of your Personal Data, please contact us at the following address:
(a) Address
of head office
: Room1402, Ruijin Building, 205 Mao Ming Nan RD,
Shanghai, China 200020
(b) Department:
General Affairs Division
(c) Name
of representative: Satoshi Toyama (General Manager of General Affairs Division)
(d) Email
address: dss@daidosteel.net
(e) Telephone
number: +86-21-5466-2020
For Business Partner Contacts in
the EEA and the UK
This section applies to Business
Partner Contacts in the EEA and the UK.
1. Legal
basis
The legal basis for
Processing your Personal Data is as follows:
(a) Contract. This is where we need to Process your Personal Data to perform the
contract we enter into with you.
(b) Legitimate Interests. This is where the
Processing of your Personal Data is necessary for legitimate interests pursued
by us or a third party (e.g. to respond to your inquiries) and your interests
and fundamental rights do not override those interests. You may obtain further
details about legitimate interests by contacting us using the information about
us indicated in Section 9 above.
(c) Consent. This is where you have given
consent for us to Process your Personal Data. The withdrawal of your consent
shall not affect the lawfulness of Processing performed based on the consent
before your withdrawal.
(d) Legal obligation. This is where the
Processing of your Personal Data is required by the law to which we are
subject.
2. Transfers of Personal Data outside the EEA or the UK
Your Personal Data may be transferred to, and stored by, a third party outside the
EEA or the UK. Where we transfer your Personal Data to a
third party outside the EEA or the UK, we will ensure that:
(a) the recipient destination has been subject to a finding from the European Commission or has been designated by the government of the UK as ensuring an
adequate level of protection for the rights and freedoms that you possess in
respect of your Personal Data; or
(b) the recipient enters into standard data protection clauses that have been approved by the European Commission, or other contracts for the transfer of personal
data as
required by data protection laws, with us.
In the absence of the
aforementioned appropriate safeguards, we may – to the extent permitted under
and in accordance with the GDPR - rely on a derogation applicable to the
specific situation at hand (e.g. the data subjects’ explicit consent, the
necessity for the performance of a contract, the necessity for the
establishment, exercise or defense of legal claims). You
can obtain more details of the protection given to your personal data when it
is transferred outside the EEA or the UK by contacting us using the information about us
indicated in Section 9 above.
ForBusiness Partner Contacts in Thailand
This
section applies to Business Partner Contacts in Thailand.
1. Legal basis
The legal basis for Processing your Personal Data is
as follows:
(a) Contract. This is where we need to Process your Personal Data to perform the
contract we enter into with you.
(b) Legitimate Interests. This is where the Processing of
your Personal Data is necessary for legitimate interests pursued by us or a
third party (e.g. to respond to your inquiries) and your interests and
fundamental rights do not override those interests. You may obtain further
details about legitimate interests by contacting us using the information about
us indicated in Section 9 above.
(c) Consent. This is where you have given consent for us to Process
your Personal Data. The withdrawal of your consent shall not affect the
lawfulness of Processing performed based on the consent before your withdrawal.
(d) Legal Obligation. This
is where the Processing of your Personal Data is required by the law to which
we are subject such as tax law.
2. Transfers of
Personal Data outside Thailand
Your Personal Data may be transferred to, and
stored by, a third party outside Thailand. Where we transfer your Personal Data to a
third party outside Thailand, we will ensure that:
(a) the recipient destination has adequate
data protection standard in accordance with the rules for the protection of
Personal Data as prescribed by the Personal Data Protection Committee under
Section 16(5) of the Personal Data Protection Act;
(b) it is necessary for compliance
with laws;
(c) with your consent where you are aware of
the inadequate personal protection standards of the recipient destination;
(d) it is necessary for the performance of a
contract which you are a party, or for taking steps as your request prior to
entering into a contract;
(e) it is necessary for the performance of a
contract with other persons or juristic persons for your interests;
(f) to prevent or suppress a danger to your
life, body, or health or other persons, when you are incapable of giving the
consent at such time;
(g) it is necessary for carrying out the
activities in relation to substantial public interest;
(h) the
recipients are ones of our Affiliates where there is standard
data protection clauses that have been approved by the Office of Personal Data
Protection Committee and the transfer is carried out in accordance
with such approved clauses; or
(i) the
recipients are ones where there is suitable protection measures which
is enable the enforcement of your rights, including effective legal remedial
measures according to the rules and methods as prescribed and announced by the
Personal Data Protection Committee.
For Business Partner Contacts in China
This section applies to Business Partner Contacts in China.
1. Handling methods
We handle the collection, storage, use, processing, transmission, provision, disclosure, and deletion of Personal Data.
2. Processing of Sensitive Personal Information
When handling sensitive personal information, we shall take the measures required by the Personal Information Protection Law of the People’s Republic of China (hereinafter referred to as the "Law" in this item), such as informing Business Partner Contacts of the necessity of handling sensitive personal information and its impact on personal rights and interests. We will take the measures required by the Personal Information Protection Law of the People’s Republic of China (hereinafter referred to as the "Law" in this item), including informing Business Partner Contacts of the necessity of handling sensitive personal information and its impact on personal rights and interests.
3.Provision of Personal Data
In the event that we provide your Personal Data to a third party other than a contractor to whom we entrust the Processing of Personal Data, we will take the measures required by law, such as notifying you of the name or names of the third party, contact method, purpose of Processing, Processing method, and type of Personal Data.
In addition, if we provide your Personal Data to a third party outside of China, we will take the measures required by law, such as notifying you of the name of the third party, contact method, purpose of Processing, Processing method, type of Personal Data, and methods and procedures for exercising the rights stipulated by law against the third party.