Contact Us

Privacy Policy

Privacy Policy

1. About this Policy

This Policy applies to the Processing of Personal Data by Tohoku Steel Co., Ltd. (“Tohoku Steel”, or “we”/“us”/“our”) regarding its contact persons (“Business Partner Contact”/“you”/“your”) at customers, dealers, distributors, contractors and subcontractors, suppliers and professional advisers (“Business Partners”). We recognize the importance of Personal Data and the need to observe applicable laws and regulations governing the protection of Personal Data, in order to Process Personal Data in a lawful and appropriate manner.

2. Definitions

In this Policy:

  1. (a)“Personal Data” means any information relating to an identified or identifiable natural person;
  2. (b)“Process/Processing” means any activity or operation that is carried out in respect of the Personal Data, such as collecting, storing, using, transferring, or deleting it.

3. How we collect your Personal Data and what Personal Data we collect

We may collect information that you provide to us, whether by means of a form on our website, by email, in a letter, or otherwise, such as your name, company name, address, division, title, email address and phone number. In some circumstances, we may be provided such information relating to you by another organization.

When you visit our website, we may automatically collect technical information about your equipment and your interaction with the website, including cookies and your IP address.

4. Purpose of Processing Personal Data

We use the Personal Data that we hold about you for the following purposes (and only to the extent necessary to fulfil those purposes):

  1. (a)to communicate with Business Partners;
  2. (b)to respond to inquiries, requests, etc. from Business Partners;
  3. (c)to provide information on products, services, events, etc. and to conduct public relations activities;
  4. (d)to perform duties related to the performance of contracts and transactions with Business Partners and to perform related and incidental duties;
  5. (e)to conduct research and development activities and related and incidental operations;
  6. (f)to submit various applications and reports to government and public agencies;
  7. (g)to carry out various internal and external group activities and related and incidental operations;
  8. (h)to communicate with Affiliates, subcontractors, etc. and to exchange information necessary for the performance of business; and
  9. (i)to carry out other business activities of the Tohoku Steel Co., Ltd. and other operations related or incidental to the above purposes.

5. Disclosure of Personal Data to recipients and joint use of Personal Data

We may share your Personal Data, without your prior consent, with the following categories of recipients. We may also supply or disclose Personal Data to third parties when it is necessary for another justifiable reason permitted by laws and regulations.

(a)

Affiliates: We may share your Personal Data with our Affiliates;

(Joint use of Personal Data)

Under Japanese law, we may share your Personal Data with our Affiliates in the framework of joint use under the Act on the Protection on Personal Information, the details of which are as follows:

Entity with which personal data is shared Affiliates (please refer to the companies listed in the "Domestic Group" section of our website (https://www.daido.co.jp/en/about/index.html) for the scope of “Affiliates”)
Purpose of sharing
  • to provide information and contacts regarding various products, services, events, etc. offered by Affiliates;
  • to respond to inquiries and requests from Business Partners; and
  • to properly and smoothly carry out other Daido Group operations.
Personal data to be shared Name, age, gender, date of birth, name of company/organization, department, title/position, qualifications, personal history and contact information.
Party responsible for management of personal data Affiliates that acquire and share the relevant Personal Data.
Please refer to Section 9 below for our address and the name of our representative.
(b)

Service providers: We may disclose your Personal Data to service providers, including IT service providers.

6. Storage period for Personal Data

We will retain the Personal Data that we collect for the period necessary to Process such Personal Data, and for a term not exceeding 10 years after the completion of our business, except to the extent that we are required by law to retain it for a longer period of time, in which case, we will retain it for the period required by law.

7. Your rights

You have a number of legal rights in relation to the Personal Data that we hold about you. These rights may vary depending on where you are located and which data protection laws apply to the relationship between you and us, but typically will include the following:

  1. (a)Right to obtain information regarding the Processing of the relevant Personal Data and to access the relevant Personal Data that we hold;
  2. (b)Right to request rectification of the relevant Personal Data if it is inaccurate or incomplete;
  3. (c)Right to request erasure of the relevant Personal Data in certain circumstances;
  4. (d)Right to request that we restrict our Processing of the relevant Personal Data in certain circumstances;
  5. (e)Right to object to our Processing of the relevant Personal Data;
  6. (f)Right to receive the relevant Personal Data in a structured, commonly used, and machine-readable format and/or to request that we directly transmit such Personal Data to a recipient where this is technically feasible; and
  7. (g)Right to withdraw your consent to our Processing of the relevant Personal Data at any time.

You may exercise any of your rights by contacting us, using the information about us indicated in Section 9 below. You also may lodge a complaint with the data protection authority if you believe that any of your rights have been infringed by us.

8. Security control measures

We take all necessary and appropriate security control measures, including measures to prevent the leakage, loss, or damage of Personal Data to be Processed, such as establishing rules for the Processing of Personal Data, training of employees in the Processing of Personal Data, and prevention of theft or loss of equipment Processing Personal Data.

You may obtain further details about the security control measures we have in place in relation to the Processing of your Personal Data by contacting us using the information about us indicated in Section 9 below.

9. Contact details

If you have any questions about this Policy, your rights, or any other matter relating to the protection of your Personal Data, please contact us at the following address:

  1. (a)Address of head office: 23 Nishigaoka, Murata, Murata-machi, Shibata-gun, Miyagi 989-1393 Japan
  2. (b)Department: General Affairs & Human Resources Dept.
  3. (c)Name of representative: Takahashi Takayuki
  4. (d)Email address: inquiries@tohokusteel.com
  5. (e)Telephone number: +81-224-82-1010

For Business Partner Contacts in the EEA and the UK

This section applies to Business Partner Contacts in the EEA and the UK.

1. Legal basis

The legal basis for Processing your Personal Data is as follows:

  1. (a)Contract. This is where we need to Process your Personal Data to perform the contract we enter into with you.
  2. (b)Legitimate Interests. This is where the Processing of your Personal Data is necessary for legitimate interests pursued by us or a third party (e.g. to respond to your inquiries) and your interests and fundamental rights do not override those interests. You may obtain further details about legitimate interests by contacting us using the information about us indicated in Section 9 above.
  3. (c)Consent. This is where you have given consent for us to Process your Personal Data. The withdrawal of your consent shall not affect the lawfulness of Processing performed based on the consent before your withdrawal.
  4. (d)Legal obligation. This is where the Processing of your Personal Data is required by the law to which we are subject.

2. Transfers of Personal Data outside the EEA or the UK

Your Personal Data may be transferred to, and stored by, a third party outside the EEA or the UK. Where we transfer your Personal Data to a third party outside the EEA or the UK, we will ensure that:

  1. (a)the recipient destination has been subject to a finding from the European Commission or has been designated by the government of the UK as ensuring an adequate level of protection for the rights and freedoms that you possess in respect of your Personal Data; or
  2. (b)the recipient enters into standard data protection clauses that have been approved by the European Commission, or other contracts for the transfer of personal data as required by data protection laws, with us.

In the absence of the aforementioned appropriate safeguards, we may – to the extent permitted under and in accordance with the GDPR - rely on a derogation applicable to the specific situation at hand (e.g. the data subjects’ explicit consent, the necessity for the performance of a contract, the necessity for the establishment, exercise or defense of legal claims). You can obtain more details of the protection given to your personal data when it is transferred outside the EEA or the UK by contacting us using the information about us indicated in Section 9 above.

For Business Partner Contacts in Thailand

This section applies to Business Partner Contacts in Thailand.

1. Legal basis

The legal basis for Processing your Personal Data is as follows:

  1. (a)Contract. This is where we need to Process your Personal Data to perform the contract we enter into with you.
  2. (b)Legitimate Interests. This is where the Processing of your Personal Data is necessary for legitimate interests pursued by us or a third party (e.g. to respond to your inquiries) and your interests and fundamental rights do not override those interests. You may obtain further details about legitimate interests by contacting us using the information about us indicated in Section 9 above.
  3. (c)Consent. This is where you have given consent for us to Process your Personal Data. The withdrawal of your consent shall not affect the lawfulness of Processing performed based on the consent before your withdrawal.
  4. (d)Legal Obligation. This is where the Processing of your Personal Data is required by the law to which we are subject such as tax law.

2. Transfers of Personal Data outside Thailand

Your Personal Data may be transferred to, and stored by, a third party outside Thailand. Where we transfer your Personal Data to a third party outside Thailand, we will ensure that:

  1. (a)the recipient destination has adequate data protection standard in accordance with the rules for the protection of Personal Data as prescribed by the Personal Data Protection Committee under Section 16(5) of the Personal Data Protection Act;
  2. (b)it is necessary for compliance with laws;
  3. (c)with your consent where you are aware of the inadequate personal protection standards of the recipient destination;
  4. (d)it is necessary for the performance of a contract which you are a party, or for taking steps as your request prior to entering into a contract;
  5. (e)it is necessary for the performance of a contract with other persons or juristic persons for your interests;
  6. (f)to prevent or suppress a danger to your life, body, or health or other persons, when you are incapable of giving the consent at such time;
  7. (g)it is necessary for carrying out the activities in relation to substantial public interest;
  8. (h)the recipients are ones of our Affiliates where there is standard data protection clauses that have been approved by the Office of Personal Data Protection Committee and the transfer is carried out in accordance with such approved clauses; or
  9. (i)the recipients are ones where there is suitable protection measures which is enable the enforcement of your rights, including effective legal remedial measures according to the rules and methods as prescribed and announced by the Personal Data Protection Committee.

For Business Partner Contacts in China

This section applies to Business Partner Contacts in China.

1. Handling methods

We handle the collection, storage, use, processing, transmission, provision, disclosure, and deletion of Personal Data.

2. Processing of Sensitive Personal Information

When handling sensitive personal information, we shall take the measures required by the Personal Information Protection Law of the People's Republic of China (hereinafter referred to as the "Law" in this item), such as informing Business Partner Contacts of the necessity of handling sensitive personal information and its impact on personal rights and interests.

3. Provision of Personal Data

In the event that we provide your Personal Data to a third party other than a contractor to whom we entrust the Processing of Personal Data, we will take the measures required by law, such as notifying you of the name or names of the third party, contact method, purpose of Processing, Processing method, and type of Personal Data.

In addition, if we provide your Personal Data to a third party outside of China, we will take the measures required by law, such as notifying you of the name of the third party, contact method, purpose of Processing, Processing method, type of Personal Data, and methods and procedures for exercising the rights stipulated by law against the third party.