Policy for handling personal data to which GDPR is applied
Nikkiso Co., Ltd. (the “Company”) and the Company’s affiliates (the “Nikkiso Group”) recognize that the protection of your personal data is of great importance. This Policy applies to the Company and all members of the Nikkiso Group.*
* If a certain company in the Company Group enacts its own policy and that policy provides that its terms supersede the terms of this Policy, the terms of that company’s policy are applied.
If EU and EU Member State regulations on data protection, in particular the General Data Protection Regulation 2016/679 (the “GDPR”), are applied to you (referred to as “you” throughout this Policy), we process your personal data in compliance with the GDPR. This Policy explains how we, as the data controller, obtain and process your personal data.
(2) Collection of personal data
We may collect and use the following personal data, depending on your relationship with us.
(3) Legal basis for processing / categories of personal data subject to processing
We process the following categories of your personal data based on the legal basis provided for in the GDPR (Articles 6 and 7). The legal basis will depend on the personal data we collect from you. The examples of the legal basis are listed below.
1. Your consent.
2. Performance of a contract to which you are a party.
3. Compliance with our legal obligations.
4. Our legitimate interest.
In many cases, the legal basis will be to pursue our legitimate interests. For details regarding the legitimate interests, please inquire using the contact details at the end of this Policy.
Further, we may process your personal data of a sensitive nature, including your religious beliefs and health status, in accordance with special criteria provided for in the GDPR (Articles 9 and 10) and only to the extent permitted by applicable laws.
We obtain and process the following categories of your personal data, the types of which are listed in (2) of this Policy above, for the following purposes.
As stated in (7) of this Policy below, you have the right to withdraw your consent to the processing of your personal data at any time by using the contact details at the end of this Policy. However, your withdrawal of consent will not affect the legality of processing conducted based on your consent before its withdrawal.
We do not conduct any decision-making based solely on automated processing, including profiling, that produces any legal or similar material effects on you.
We will notify you separately, if the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as the possible consequences of failure to provide such data.
As for personal data related to our human resources department, this Policy is applied only to personal data of applicants for employment and is not applied to personal data of employees already hired by us. The privacy notice (Articles 13 and 14 of the GDPR) for hired employees is provided separately by us.
(4) Sources of personal data
We obtain your personal data directly from you or indirectly through third parties such as those stated below:
Business Partners; data brokers; employment agencies; or public sources such as social media accounts and personal websites or accounts.
(5) Retention period for personal data
We will retain your personal data for as long as necessary to fulfil the aforementioned purposes for obtaining and processing your personal data. Specific retention periods are decided based on the following considerations: the purpose for obtaining and processing the personal data; the nature of the personal data; and the necessity of retaining the personal data for legal or business reasons.
(6) Sharing and disclosure of personal data
We might share and disclose your personal data to the following third parties in accordance with the GDPR for the purposes stated in this Policy.
1. Nikkiso Co., Ltd. (= ultimate parent company) and its employees.
2. Suppliers and other business partners with whom we have a business relationship and who provide products and services to us in relation to your personal data (such as marketing, data analysis, event management, warehousing, delivery, support and maintenance etc.).
3. Our distributors, sales agents, insurance companies, business partners who are involved in the business or work related to your personal data.
4. Third-party service providers that provide compliance-related systems, DMS, ERP systems including online recruitment systems, and other IT-related services in relation to your personal data.
5. Payment processing companies.
6. Employment agencies.
7. Legal or other professional advisers and auditors.
8. In the event that we sell any business assets, personal information may be disclosed to a potential buyer.
9. Police and competent government authorities when it is necessary to comply with legal obligations, including where an obligation arises as a result of a voluntary act.
10. Third parties when it is necessary for some other justifiable reasons that are permitted by applicable laws and regulations.
(7) Your rights
You have the following rights regarding personal data obtained and processed by us.
1. Obtaining information regarding processing of data:
You have the right to obtain from us all the requisite information regarding our data processing activities that concern you (Articles 13 and 14 of the GDPR).
2. Access to personal data:
You have the right to obtain from us confirmation as to whether personal data concerning you are being processed, and, if so, then access to the personal data and certain related information (Article 15 of the GDPR).
3. Rectification or erasure of personal data:
You have the right to have us rectify inaccurate personal data concerning you without undue delay and the right to have us complete any incomplete personal data (Article 16 of the GDPR). Also, if certain conditions are satisfied, you will have the right to have us delete personal data concerning you without undue delay (Article 17 of the GDPR).
4. Restriction on processing of personal data:
If certain conditions are satisfied, you will have the right to have us restrict processing of personal data concerning you (Article 18 of the GDPR).
5. Objection to processing of personal data:
If certain conditions are satisfied, you will have the right to object to processing of personal data concerning you (Article 21 of the GDPR).
6. Data portability of personal data:
If certain conditions are satisfied, you will have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format and the right to transfer those data to another controller without hindrance from us (Article 20 of the GDPR).
7. Not to be subject to automated decision-making:
If certain conditions are satisfied, you will have the right not to be subject to decision-making based solely on automated processing, including profiling, that produces any legal or similar material effect on you (Article 22 of the GDPR).
If you intend to exercise any of the aforementioned rights, please inquire using the contact details below.
You can lodge a complaint in relation to our processing of your personal data with the Data Protection Supervisory Authority of the Member State of your habitual residence, place of work or place of the alleged infringement.
(8) Amendment to this policy
We may amend this policy from time to time. We will contact you through this website, and where appropriate by email if we make any substantive or material amendments.
For questions or inquiries regarding this policy, please contact the Privacy Officer of Geveke.
Attn. Privacy Officer
P.O. Box 820
NL-1000 AV Amsterdam
Amsterdam, May 2020