Handling of Personal Information
NIPRO Group (hereinafter referred to as the "Company") declares that all officers and employees of the Company (hereinafter referred to as "Employees, etc.") give due consideration to the importance of various information held by the Company, comply with applicable laws and regulations and adhere to the following Personal Information Basic Policy for the purpose of handling information of all individuals with whom the Company has relationships, including its customers, shareholders and employees (hereinafter referred to as "Personal Information," including specific personal information).
1. Policy for Undertakings
The Company carries out the following undertakings for the purposes of contributing to the realization and smooth operation of the Basic Policy from the viewpoint of CSR (corporate social responsibility).
- The Company complies with laws and regulations stipulated by our country and applicable regulations stipulated by other foreign countries concerning the protection and handling of Personal Information and makes efforts to improve such handling of Personal Information from time to time.
- The Company makes internal regulations clear and makes efforts to have Employees, etc. learn and practice them thoroughly. Also, the Company implements education, training or other programs as needed.
- The Company gives careful consideration to the privacy of each person and makes efforts to protect their Personal Information in cooperation with concerned organizations, customers and other entities.
- The Company takes effective safety control measures to prevent leakage, loss or alteration of Personal Information and, in case of any accident, takes measures to prevent a recurrence properly and promptly.
- If the Company receives requests of disclosure, correction or other matters from a person, the Company responds to and deals with such requests in good faith.
2. Acquisition and Utilization of Personal Information
When the Company acquires Personal Information, the purpose of utilization of the relevant Personal Information is made clear in advance, and it is properly utilized and handled within the scope necessary for the achievement of the purpose of utilization (except in cases where such utilization may encourage or lead to illegal or unjust behavior).
When the Company intends to utilize Personal Information beyond the scope necessary for the achievement of the purpose of utilization, the Company obtains the consent of the person in advance.
However, if laws and regulations have special provisions for the acquisition and utilization of Personal Information, the Company complies with such provisions.
(1) Purpose of utilization of Personal Information relating to customers
- Acceptance of various applications, transaction contracts for development, sale and purchase, outsourcing, etc.;
- Mediation and introduction of products, etc., e-mail distribution services, distribution of samples, etc.;
- Control of customer data, responses to claim settlements and consultation, research, questionnaires, campaigns, prizes;
- Application, notification, reporting, etc.to government agencies, etc.for the achievement of administrative purposes in the areas of tax, social security, disaster countermeasures and so on;
(2) Purpose of utilization of Personal Information relating to medical doctors, dentists, pharmacists, nurses, pharmacies, drug stores and other medical care professionals, as well as patients, clinical trial participants, study subjects and other users of Company products (including previous users and persons planning to use in the future)
- Provision and collection of information on proper use of medical devices, drugs, quasi-drugs, etc.;
- Provision and collection of information on quality, safety or efficacy of medical devices, drugs, quasi-drugs, etc.;
- Research and study in the areas of medicines, pharmacology, medical devices and drugs;
- Provision and collection of information such as academic information on medical care;
- Requests and implementation of clinical trials, post-marketing surveillance, etc.
(3) Authentication of and information of members on internet sites for medical professionals
- Acceptance of various applications, transaction contracts for development, sale and purchase, outsourcing, etc.;
- Application, notification, reporting to government agencies, etc.
(4) Purpose of utilization of Personal Information relating to shareholders
- Action for the exercise of rights and performance of obligations based on the Companies Act and the Commercial Act;
- Action for research, distribution and inquiries relating to the application of Company’s benefits system and the dividend payment for shareholders, etc.
- Preparation and disclosure of materials based on laws and regulations or similar grounds;
- Application, notification, report to government agencies, etc.
(5) Purpose of utilization of Personal Information relating to persons desiring a visit to facilities of the Company and to visitors
- Explanation and treatment at the time of use and visit
- Control of entry and exit
- Responses to inquiries after the visit or exit
(6) Purpose of utilization of Personal Information relating to persons making inquiries on products, services, content of business, etc.of the Company
- Study, coordination and action for consultation, information, etc.
- Information and provision to providers of products and services, medical professionals, etc.
- Application, notification, report to government agencies, etc.
(7) Purpose of utilization of Personal Information relating to Employees, etc.(including retired employees) and their family members
- Calculation of wages, welfare, education and training, position change, employment transfers, risk control, health care, other personnel and labor management, public relations within and outside the Company;
- Information and provision to labor unions, mutual aid associations, employees’ stockholding programs, subsidiaries, etc. and business alliance partners;
- Action regarding labor-related laws and regulations for retired employees and other information in case of emergency
- Application, notification, reporting, etc.to government agencies, etc.for the achievement of administrative purposes in the areas of tax, social security, disaster countermeasures and so on;
(8) Purpose of utilization of Personal Information relating to job applicants and persons obtaining unofficial job offers
- Examination, decisions and notices of employment;
- Information on examination procedures and results thereof;
- Information on the implementation of pre-enrollment procedures and other matters.
3. Provision of Personal Information to Third Parties
The Company does not provide Personal Information to third parties except for cases where the consent of the relevant person is obtained in advance or laws and regulations specifically set forth such provision.
However, if laws and regulations prohibit the provision of Personal Information to third parties even if the consent of the relevant person is obtained, the Company complies with such prohibition.
4. Acquisition, Utilization and Provision of Information Linked to Identifiers Such as Cookies
Our website uses cookies or similar technologies for some content.
A cookie is information stored by the browser you use when you access a website, which does not include Personal Information such as your name or e-mail address. We may use cookies for effective delivery of advertisement to those who have accessed our website or for analysis of traffic. You can set your browser to reject cookies.
5. Disclosure, Correction, Addition, Deletion, Discontinuance of Utilization, etc. of Personal Information
If the Company is requested by the relevant person to disclose, correct, add, delete, discontinue the utilization, etc.of Personal Information, the Company carries out the necessary investigation without delay and complies with such request within a reasonable period and suitable scope.
However, if laws and regulations specifically provide, and the Company has a legitimate reason for not complying with the request of the person in respect of the Personal Information, in whole or in part, the Company takes necessary measures such as notifying the person of the reason therefor.
6. Establishment of Organizational System for Security Control Measures
The Company establishes an organizational control system for proper handling of Personal Information taking into account the size and type of the business and other factors regarding the status of the operation.
7. Implementation of Security Control Measures
The Company establishes and maintains internal regulations to ensure that the acquisition, utilization, storage, provision, deletion, disposal, etc. of Personal Information by Employees, etc. is properly handled and takes the following measures as necessary to ensure that such regulations are complied with and fully practiced:
Establishment of rules concerning the handling of Personal Information
The Company puts in place the Personal Information handling regulations and their bylaws as well as information security related regulations to define operational rules concerning the handling of Personal Information and ensure appropriate security of its information assets.
Organizational Security Control Measures
- The Company handles Personal Information under the authority and responsibilities of the President as the personal information management supervisor. Additionally, the head of each group company and business division is responsible for appropriate operational management of Personal Information as personal information control manager under the direction of the management supervisor.
- The Company has established a system for promptly reporting any suspected leakage of Personal Information to the Crisis Management Office. Also, the status of handling of information assets including personal data is subject to regular self-inspections and audits by the information manager and reported to the information security division.
Physical Security Control Measures
- The security of the buildings, facilities and areas with important information assets is controlled strictly through automated security systems and access control of outsiders and Employees, etc. without appropriate authority.
- When deleting personal data, the Company takes steps to ensure that it cannot be restored.
Technical Security Control Measures
- The Company is working on building a system for managing highly confidential data including Personal Information on a cloud server with access control, where there is no risk that the data may be damaged in cases of loss or accident.
- For information terminal devices and electronic storage media such as PCs and smartphones on which personal data may be handled, measures have been introduced to prevent information leakage in cases of theft, loss, etc. such as controlled password authentication as well as remote lock and remote deletion, as necessary.
Human Security Control Measures
- Employees, etc. pledge in writing, when joining the Company, to comply with specific points of note regarding the handling of confidential information.
- Employees, etc. who use terminals managed by the Company are provided with regular and special training on specific points of note regarding the handling of personal data.
8. Outsourcing of handling of Personal Information
The Company will delegate any parts of the handling of Personal Information to outside suppliers, etc. to the extent necessary for business execution to the minimum necessary.
In this case, the Company would provide the Personal Information as long as the Company could conclude a proper contract with the outside suppliers with thorough safety control measures.
9. Shared use of Personal Information
- The Company shares Personal Data of its Employees, etc. and their families, recruitment applicants, etc. with the Company's domestic and overseas group subsidiaries and affiliates.
[Information Content] Name, address, work information, mail address, telephone number, fax number, company name / affiliation, job title / background, and other personnel / labor management information - The Company shares Personal Data of the inventor, creator, breeder, applicant, behalf of the applicant with the Company's domestic and overseas group subsidiaries and affiliates.
[Information Content] In addition to the above (1), identification information etc. concerning government official registration. - NIPRO CORPORATION and NIPRO ES PHARMA shares Personal Data contained in Altmark's medical database. For details on the items of Personal Data to be used jointly, the scope of persons to use jointly and the purpose of use of those who use it, please visit the following website.
https://www.ultmarc.co.jp/privacy/shared_use/ - Manager responsible for management: NIPRO CORPORATION
10. Handling of Masked Information and Anonymized Information
The Company handles properly, in accordance with the standards stipulated in laws and regulations, information concerning an individual obtained from Personal Information processed in such a way that the specific individual cannot be identified unless compared with other information (masked information) or such a way that the relevant Personal Information cannot be restored (anonymized information), and information on the processing method, etc. therefor (“Information on Processing Method, etc.”).
11. Leakage, etc. of Personal Information
If leakage, etc. of Personal Information occurs and it is considered likely to harm the rights and interests of an individual, the Company will report to the Personal Information Protection Commission and notify the relevant individual.
12. Response to Consultations and Claims
If the Company receives requests of consultations and claims from a person whose Personal Information is held by the Company, the Company promptly and properly researches and responds to eliminate the causes of such consultations and claims and, if necessary, makes efforts to implement measures to prevent a recurrence, to guide Employees, etc. and have them learn and practice the measures thoroughly and to maintain and improve the organizational system and structure.
13. Authorized Personal Information Protection Organization to Which the Company Belongs
The Company is a target entity of "The Federation of Pharmaceutical Manufacturers’ Association of Japan," which is an authorized personal information protection organization authorized by the Minister of Health, Labour and Welfare.
The Federation corresponds to claims and consultations about the handling of personal information by the target business operator.
<Contact for Inquiries>
The Federation of Pharmaceutical Manufacturers’ Association of Japan, Center for the Protection of Personal Information
Website: http://www.fpmaj.gr.jp/
14. Contact for Inquiries
Please contact the following address for inquiries on personal information.
3-26, Senriokashinmachi, Settsu, Osaka, 566-8510, Japan
Nipro Corporation Governance Supervise Department, In Charge of Personal Information
TEL: (06) 6310-6907 FAX: (050) 3204-7011
e-mail: crline@nipro.co.jp