Home > ESG Management > Privacy Policy

ESG ManagementPrivacy Policy

EU Personal Data Protection Policy

1. Personal data protection

Mitsubishi Kakoki Kaisha, Ltd. ("the Company") and our group including our affiliates recognizes the importance of protecting customers’ personal data, defines this policy for EU personal data protection for handling personal data provided or disclosed to the Company through our business activities, and addresses this task in compliance with the EU General Data Protection Regulation ("GDPR").
The personal data subject to this policy is the personal data in the European Economic Space.

2. Use of personal data

Our group will collect and handle personal data on the Customer, etc. only when it is required to provide appropriate products and services to the customers, business associates, and employees of our group (“the Customer, etc.”) through our business operations. The purposes of using the personal data shall be as outlined below.
In addition, with consent from the person concerned, our group may provide personal data to a third party, or consign the handling and enable shared use of the information between our group and a third party, within the scope required to achieve the purpose of usage.

(1)To consider and accept applications for opening a new account, to undergo formalities for entering into a contract between the Customer, etc. and our group, and for referencing and confirmation in connection with the foregoing;

(2)To propose products and services of our group to the Customer, etc.;

(3)To enable our group to respond to inquiries from the Customer, etc.;

(4)To enable our group to confirm and inquire about products and services provided by the Customer, etc.;

(5)To investigate the satisfaction of the Customer, etc.

(6)To compile statistical information for product development and service improvement of our group;

(7)To confirm application and/or participation in exhibitions, seminars, etc. held by our group, issue thank-you letters, and make reports on such events;

(8)To identify visitors to our group;

(9)To communicate with journalists, analysts, etc. during public relations activities of our group;

(10)To identify the stockholders of our group, fill out paperwork for them, perform procedures and issue invitations to them;

(11)To accept applications for job opportunities offered by our group, communicate with job applicants, notify them of decisions, and so forth;

(12)To enable our group to give notices to its retired employees, and communicate with its board directors and employees themselves as well as their family members;

(13)To accomplish the business entrusted to our group;

(14)To comply with laws and regulations such as administrative guidance and transmittal;

(15)To perform business activities incidental and related to the foregoing; and

(16)For the purposes of usage defined at the time of obtaining the personal data, or those agreed upon thereafter.

3. Handling of personal data

If we have received from the Customer etc. consent to the handling of personal data, or in case of any of the following items, our group will handle the personal data accordingly:

(1)When such handling is required to implement the contract to which the Customer, etc. is a contracting party, or when such handling is necessary at the request of the Customer, etc. prior to concluding the contract;

(2)When such handling is necessary in view of significant public interest;

(3)When such handling is necessary to present evidence, exercise rights, or make a plea during legal arguments; and

(4)When such handling is necessary to protect significant assets of the Customer, etc. or other individuals.

4. Safety and security measures

Our group will take organizational, personal, physical, and technological safety and security measures to manage the personal data of Customer, etc. properly.

5. Storage, deletion, and destruction of personal data

After storing the personal data of the Customer, etc. for the storage period specified by laws and regulations or business procedures, we will delete and destroy the personal data properly.

6. Rights of the Customer, etc. and business associates

The Customer, etc. and business associates are entitled to the following rights with respect to the personal data collected and handled by our group. Moreover, the Customer, etc. and business associates can cancel their agreement on the handling of personal data at any time. However, the cancellation of such agreement has no impact on the legality of the handling of personal data based on the agreement prior to the cancellation.

(1)The right to obtain from our group all necessary information shown in Articles 13 and 14 of GDPR regarding the handling of personal data of our group;

(2)The right to check with our group whether or not any personal data is handled, and if this is the case, the right to access such data and the information shown in Article 15 of GDPR;

(3)The right to have any incorrect personal data corrected without delay, and the right to complete any incomplete personal data;

(4)The right to have the personal data deleted without undue delay in cases where any of the terms under Article 17 of GDPR is applicable;

(5)The right to limit the handling of personal data in cases where any of the terms under Article 18 of GDPR is applicable;

(6)The right to receive the personal data structured in a general format that is machine-readable, and the right to transfer such data to another administrator without interference by our group, in cases where any of the terms under Article 20 of GDPR is applicable;

(7)The right to lodge a protest over the handling of personal data in cases where any of the terms under Article 21 of GDPR is applicable; and

(8)The right to be guaranteed that the personal data will not be subject to automated handling such as profiling in cases where any of the terms under Article 22 of GDPR is applicable.

Page Top