Privacy Policy (GDPR)
Table of Contents
1. About this Privacy Policy (GDPR)
2. Categories of Personal Data We Collect and Methods of Collection
3. Purposes and Legal Basis for Processing Personal Data
4. Sharing of Personal Data
5. Links to Third-Party Services
6. Transfer of Personal Data
7. Retention and Disposal of Personal Data
8. Security Measures and Safety Management
9. Notification of Data Breaches
10. Your Rights
11. About Children
12. Changes to this Policy
13. Contact Information
1. About this Privacy Policy (GDPR)
HighChem Co., Ltd. ("we" or "our company") places high importance on the protection of the personal data we collect from our customers. This policy informs our customers about how we handle their personal data in compliance with the applicable regulations of the European Economic Area (EEA), particularly the General Data Protection Regulation (GDPR) 2016/679 and the UK's Data Protection Act 2018 (UK GDPR). Under the GDPR, we act as the data controller for our customers' personal data. In this policy, "customers" include those who purchase our products and services, visitors to our and our group companies' websites, and applicants for employment with HighChem Group companies.
2. Categories of Personal Data We Collect and Methods of Collection
We handle the following categories of customer data:
Identification and contact information (e.g., name, company name, company address, position, contact details, email address, phone number, credit card information, and other personal data related to preferences regarding our products and services)
Data listed on registration forms (e.g., customer requests, registered information, inquiries)
Usage data related to our products, services, and websites (e.g., purchase history, records of receiving marketing data, communications records and preferences, browsing and search history on our websites)
Technical data (e.g., IP address, login data, browser type and version, device type, timezone, location data)
We collect personal data directly or indirectly as follows:
Direct Collection: Provided by customers through our websites, forms, emails, postages, or other methods, including third-party platforms like Instagram and LinkedIn.
Indirect Collection: Collected through technical data when customers use our websites via cookies and analytical tools like Google Analytics. Please refer to our separate Cookies Policy for more details.
3. Purposes and Legal Basis for Processing Personal Data
The type of personal data we process varies based on how customers interact with us. Below are the explanations of how we handle personal data and the legal basis for processing under GDPR and UK GDPR. In Japan, we primarily process personal data based on customer consent.
(1) For Providing Information and Conducting Transactions Related to Products and Services
①Types of Personal Data: Identification and contact information, usage data related to our products, services, and websites
②Purpose: To provide information and conduct transactions related to products and services, including executing transactions,
processing payments, and handling customer requests
③Legal Basis: Fulfillment of contractual obligations and our legitimate interest in providing high-quality services
(2) For Communication and Information Provision to Customers
①Types of Personal Data: Identification and contact information, data listed on registration forms, usage data related to our products,
services, and websites, technical data
②Purpose: To communicate with customers, provide information (including promotions, marketing, and public relations), and respond
to inquiries about various services
③Legal Basis: Customer consent and our legitimate interest in providing high-quality services
(3) For Job Applicants
①Types of Personal Data: Identification information (e.g., name, gender, date of birth, phone number, email address), skills, qualifications,
employment history, resume, education, desired position
②Purpose: To provide information, communicate with, and conduct other recruitment activities for job applicants
③Legal Basis: Applicant consent
(4) For Improving Our Products and Services
①Types of Personal Data: Usage data, technical data
②Purpose: To improve our products, services, and related information, including analyzing traffic data, monitoring statistics,
and improving and verifying the effectiveness of our websites
③Legal Basis: Our legitimate interest in providing and maintaining our products, services, and websites,
and customer consent for handling cookies and similar data
We process personal data only for the specified, clear, and legitimate purposes stated above and do not process data in ways incompatible with these purposes. If we intend to process data for purposes other than those initially collected, we will notify customers accordingly.
4. Sharing of Personal Data
We may share personal data with the following recipients:
(1) HighChem Group Companies: Identified on our website, these companies share responsibility for personal data management under this policy.
(2) Service Providers and Subcontractors: Selected providers and partners who handle personal data to provide our websites and related services, such as cloud services, CRM/customer management services, marketing services, travel arrangements, delivery services, reception desk services, meeting/event organizers, hospitality, and accommodation.
We may also disclose personal data in the following cases:
To comply with laws, court orders, or requests from public or government authorities
When necessary or appropriate for national security, law enforcement, or other significant public interests
To protect life, body, or property of individuals
In the event of a business transfer or succession, including mergers, acquisitions, or reorganization
5. Links to Third-Party Services
Our websites may include hypertext links to third-party websites or internet sources. We do not control these third-party websites and are not responsible for their privacy policies. Please read their privacy policies carefully to understand how they handle personal data.
6. Transfer of Personal Data
HighChem Group operates globally, which means we may transfer personal data to our group companies and recipients located outside your country for the purposes stated in this policy. In such cases, the primary responsibility for personal data processing lies with our company in Japan, and we handle the data transfer in compliance with Japanese data protection laws. In the case of data transfers from the EEA and UK to Japan, there exists an adequacy decision recognizing that the mutual personal data protection systems provide sufficient protection levels. When personal data is transferred outside the EEA, we comply with applicable laws to ensure that your personal data is adequately protected. We also enter into contracts as required by these applicable privacy laws.
7. Retention and Disposal of Personal Data
We retain personal data for the duration necessary to achieve the purposes stated in this policy and securely dispose of it after the retention period unless required by law to retain it longer.
8. Security Measures and Safety Management
We implement organizational, physical, and technical security measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. These measures include access control, employee training, and the use of antivirus software. We also require recipients of personal data to implement appropriate security measures.
9. Notification of Data Breaches
We have systems and measures in place to detect, evaluate, and respond to data breaches promptly. We will notify supervisory authorities and affected customers as required by law.
10. Your Rights
If you reside in the EEA, UK, or Switzerland, you have the following rights under GDPR, UK GDPR, and Swiss Federal Data Protection Act:
Access to Personal Data: Confirm whether we process your personal data and access the data and related information.
Correction or Deletion of Personal Data: Correct or delete inaccurate or incomplete personal data.
Restriction of Processing: Obtain restriction of data processing under certain conditions.
Objection to Processing: Object to data processing based on your specific circumstances.
Data Portability: Receive personal data in a structured, commonly used, machine-readable format and transfer it to another controller.
Withdrawal of Consent: Withdraw consent for data processing at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Exclusion from Automated Decision-Making: Not be subject to automated decision-making, including profiling, that has legal or similar significant effects.
To exercise your rights, contact us at the provided contact information. If you are dissatisfied with our response or have complaints about our handling of your personal data, you may file a complaint with a data protection supervisory authority.
11. About Children
Our products and services are intended for adults. We do not knowingly process personal data of children under 16 years old. If we discover that we have processed such data, we will take measures to delete it promptly.
12.Changes to this Policy
We review and improve this policy regularly to comply with applicable laws. Changes to this policy take effect upon posting the updated policy on our website.
13. Contact Information
For inquiries about this policy, please contact us at:
HighChem Co., Ltd., General Affairs Department
11th Floor, Tokyo Toranomon Global Square, 1-3-1 Toranomon, Minato-ku, Tokyo 105-0001
Email: soumu@highchem.co.jp
Effective Date: June 12, 2024