Privacy Policy

Global Privacy Policy for SB-KAWASUMI LABORATORIES

Effective date: March 15, 2024
Last updated: March 15, 2024


SB-KAWASUMI LABORATORIES, INC. (“SB-KAWASUMI,” “we,” or “our”; the same applies hereinafter) process the personal data of customers and other similar trading partners of SB-KAWASUMI (including prospects, business contacts, potential trading partners and persons who access our websites; the same applies hereinafter) (collectively, “Data Subjects,” unless specified otherwise) as follows.

In addition to this Global Privacy Policy, which applies to all of our customers who use the Services, we have prepared exhibits that may also apply to you depending on the area in which you reside or are located. In such case, please refer to the applicable exhibits. If this Global Privacy Policy conflicts with the country-specific exhibits, such exhibits will prevail.
・Exhibit: EEA (European Economic Area) and the UK


1.Categories of personal data subject to processing

We process the following personal data of customers and other similar trading partners (including, in this Article, personal information under the Act on the Protection of Personal Information of Japan).

- Contact information and identification data. Name, address, e-mail address, telephone or mobile phone number, your signature, gender, birth date, your account details (e.g. log-in to portal or website)
- Official identification numbers. VAT Tax number, passport number (when we help you obtaining a permit), national ID number, license plate number (when you visit our premises), social security number, professional registration number.
- Financial data. bank account number and bank details, payment terms and credit limits (for suppliers)
- Professional data. language skills, professional knowledge or expertise, certifications, references and other information you could find on a resume, your job title and the company you work for, any mandates you may hold, your professional location and travel data (for business contacts we know are flying in to attend an event), professional remuneration, evaluation and performance reports (e.g. for our consultants), memberships or network contacts (e.g. when we meet you at an event or get in touch with you through someone within your network)
- Electronic localization data. whereabouts on the premises (based on badge data)
- Preferences, interests, lifestyle or behavior. the products or activities you are interested in, the events you attend, the news or information you have requested or, your purchasing history (e.g. also through cookies, logs, expenses, …)
- Health and clinical data. medical certificates of employees/contactor; clinical data, health data, medical history, testing results, medical images and other relevant data included in the hospital patient file
- Image data. photographs, radiographic images, pictures, videos, surveillance images
- Data of website visitors. cookies, IP address, geographical location, operating system, information about your visits and use of websites such as your browsing histories


2.Purpose of processing

We process personal data (including, in this Article, personal information under the Act on the Protection of Personal Information of Japan) for the following purposes and other similar purposes permitted by applicable laws and regulations. In addition, we may de-identify or aggregate personal data.

- To contact you for specific requests or inquiries (for example to obtain consultancy services, to respond to your queries);
- To manage our business relationship;
- To communicate with you (via meeting, regular mail, email, telephone or other means) about our products and/or services;
- To share with you information that might be of your interest;
- To identify your interest as an existing or potential customer or user in particular products or services for marketing and product/services promotion (prospecting and profiling), to provide you better support and to better respond to your inquiries and needs and of those of our patients;
- To detect, prevent, investigate fraud and including (cyber) security monitoring and prevention; 
- To develop, enhance, improve, or modify our products and services;
- To invite you to provide feedback or participate in customer surveys, market research and surveys to develop or improve our products and related services;
- To use your personal data for our overall customer relationship management (CRM);
- To authorize you to access our website; 
- To manage tenders, orders, logistics and collection of payments;
- To invite you to participate in pre- and post-market research, including research or surveys in the fields of medicine, pharmacology and medical devices;
- To manage product failures, including field safety corrective actions and recalls;
- To manage grants and donations;
- To contact you in emergency situations such as natural disasters when you are visiting us;
- To guide and treat you when visiting our facilities and to manage your inquiries, your answers to our questionnaires and so on after your leaving our facilities;
- To protect our legal rights (including disputes and litigation) and ensure security and protection of our organization, our customers, patients and the public in general;
- To comply with laws, regulations, industry standards (such as vigilance reporting and transparency reporting), public authority requests, and court orders;
- To prevent and detect fraud and other offences and to ensure compliance;
- To notify you about changes to our website and ensure the ongoing accuracy and relevance of your data.
- To provide patient support including handling of patients’ complaints
- To process payments
- To develop and improve our products
- To acquire regulatory approval from health authorities


3.Legal basis, etc. for processing

We process the personal data in accordance with the legal bases under the applicable data protection regulations (such as the consent of the Data Subject, performance of contractual obligations, legitimate interests, and compliance with laws and regulations).
The provision of the personal data may be mandatory for various reasons, such as being a statutory or contractual requirement or being a necessary condition for entering into a contract. Specific details are as follows.

- The provision of information such as cookies that are strictly necessary for the use of our websites and user activities obtained by those cookies, IP addresses, and types of web browsers is a necessary condition for using our websites. If the Data Subject does not provide this information, the Data Subject might not be permitted to use our websites.
- In any other case where the Data Subject does not provide us with the Data Subject’s personal data despite the fact that the provision of that personal data is a necessary condition, we might not be able to provide the Data Subject with products, services, or the like of SB- KAWASUMI (including our websites).

We do not make any decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you.
Further, for the European Economic Area (EEA) and the United Kingdom (UK), we provide a description of each legal bases linked to their respective processing purpose in the Exhibit.


4.Retention period for personal data

In order to decide the appropriate retention period for personal data, we consider the following: the volume, nature, and confidentiality of the personal data; the potential risk of damage caused by unjust use or disclosure of the personal data; the purposes for which we process the personal data, and whether we can achieve those purposes by other means; and applicable legal requirements. If the Data Subject’s personal data collected by us becomes no longer necessary, we will delete or anonymize the personal data, or if such measures are impracticable (for example, if the personal data has been stored in back-up archives), we will retain the Data Subject’s personal data safely until its deletion becomes practicable and ensure that any new processing will not be conducted with respect to the Data Subject’s personal data.


5.Sources of personal data

We collect the Data Subject’s personal data directly from the Data Subject (including in cases where personal data is obtained automatically). However, we may obtain the Data Subject’s personal data indirectly from a third party other than the Data Subject in the following cases.

- When obtaining personal data from other companies within same group as SB-KAWASUMI
- When a customer or any other similar trading partner is an entity, and we obtain the personal data of the entity’s officers and employees from the entity
- When obtaining personal data from website traffic analysis service providers, such as Google LLC
- Any other cases where personal data is lawfully obtained from a third party (including public information)
 
We may also infer your personal data if necessary to pursue “2. Purpose of processing “ above.


6.Sharing of personal data

We may share personal data set out in “1. Categories of personal data subject to processing” above with third parties in the following cases:

- sharing of personal data with other companies within Sumitomo Bakelite Co., Ltd. and subsidiaries and affiliates of Sumitomo Bakelite Co., Ltd. (The scope of entities is described in List of Group Companies (Domestic, within Japan) and List of Group Companies (Overseas with regard to Japan))(*); 
- sharing of personal data with processors (meaning service providers that provide services necessary for our business activities; including distributors of products and services, service providers that provide cyber security services, credit reference agencies, banks and financial institutions, website traffic analysis service providers such as Google LLC, attorneys, accountants, financial advisors, and similar service providers) to fulfil the purpose stated in “2. Purpose of processing” above;
- sharing of personal data with health authorities and industrial associations in order to comply with the regulations on such as vigilance, transparency report, clinical trial, application for regulatory approval, product recall and other reports.;
- sharing of personal data associated with potential acquirer or investor in case of the corporate sale, merger, acquisition, joint venture or other corporate transactions related to us;
- sharing of personal data that is required by laws or orders of governmental agencies and the like;
- sharing of personal data with a third party that is (i) necessary for the protection of the life, body, or property of SB-KAWASUMI and other companies within same group, the Data Subject, or a third party, and (ii) permitted by applicable data protection regulations;
- sharing of personal data with the consent of the Data Subject; and
- sharing of personal data that is otherwise permitted under applicable data protection regulations.
 

(*) Regarding joint use of personal data under the Act on the Protection of Personal Information of Japan
We may jointly use personal data stated in “1. Categories of personal data subject to processing” above to fulfil the purpose stated in “2. Purpose of processing” above on the grounds of joint use under the Act on the Protection of Personal Information of Japan. Sumitomo Bakelite Co., Ltd.
(Address: 5-8 Higashi-Shinagawa 2-chome, Shinagawa-ku, Tokyo 140-0002, Japan / Name of representative: Representative Director, President Kazuhiko Fujiwara) shall be responsible for the management of personal data that is jointly used.



7.Cross-border transfer of personal data

We may transfer personal data to the following countries and regions and other countries and regions to which transfer of personal data is required to fulfil the purpose stated in “2. Purpose of processing” above:

- Japan 
- United States
- UK
- Italy
- Spain
- Serbia
- Germany
- France
- Portugal
- Switzerland
- Russian Federation
- India
- Indonesia
- Singapore
- Thailand
- Pakistan
- Philippines
- Vietnam
- Malaysia
- South Korea
- Taiwan
- China
- New Zealand
- Turkey
- Jordan

Upon transferring personal data to any of the countries and regions listed above, we take appropriate protection measures required by the data protection regulations of that country or region.

Further, for the European Economic Area (EEA) and the United Kingdom (UK), we provide a description of the third countries and transfer mechanisms in the Exhibit.


8.Safety management measures

We will take necessary and appropriate measures such as countermeasures against unauthorized access and countermeasures against computer viruses to prevent loss, destruction, falsification, leaking, and the like of personal data.
We will exercise necessary and appropriate supervision over our employees, and contractors, etc. to protect personal data.


9.Regarding cookies, etc.

Cookies and other technologies are used on the our websites. A cookie is a technology used to identify the browser used to browse a website. For details of our use of cookies and to manage our use of cookies, please refer the following link:.
  • Cookies Settings

  • 〇 Regarding the use of Google Analytics
    We may use Google Analytics for analytics and marketing purposes.
    With Google Analytics, customer information is collected using cookies, etc. For more information about how Google Analytics collects and uses information when a Data Subject uses our websites, please visit http://www.google.com/policies/privacy/partners.

    To opt out of Google Analytics, please visit https://tools.google.com/dlpage/gaoptout.


    10.Data Subjects’ rights

    We respect the rights the Data Subjects hold under the applicable data protection regulations of each country or region. For example, to the extent granted under the applicable data protection regulations of each country or region, each of the Data Subjects may have rights such as the following: right to access; right to rectification; right to erasure; right to restriction of processing; right to objection to processing; right to withdraw consent (it may be granted if the Data Subject has given consent regarding certain types of processing activities; however, the Data Subject’s withdrawal of consent does not affect the lawfulness of processing conducted based on the Data Subject’s consent before the withdrawal.); right to data portability; and right not to be subject to automated decision-making.  The Act on the Protection of Personal Information of Japan grants the right to request the following in relation to retained personal data (meaning retained personal data prescribed in Article 16, paragraph 4 of the Act on the Protection of Personal Information of Japan): notification of the purpose of use; disclosure; correction, addition, or deletion of content; suspension of use, erasure, or suspension of third-party provision; and disclosure of records of third-party provision (meaning records of third-party provision prescribed in Article 37, paragraph 2 of the Act on the Protection of Personal Information of Japan).
    A Data Subject wishing to exercise the Data Subject’s rights granted under the data protection regulations of the country or region in question may contact us using the contact details stated in “11. Contact details” below.


    11.Contact details

    For questions and inquiries regarding this Global Privacy Policy, please contact us using the contact details below: 
    SB-KAWASUMI LABORATORIES, INC.
    General Affairs Dept.
    contact@sb-kawasumi.jp

    Please check this Link for the address of SB-KAWASUMI LABORATORIES, INC. and the name of its representative director.

    Further, for the European Economic Area (EEA) and the United Kingdom (UK), we provide the contact details of our representatives in the Exhibit.


    12.Amendment to the Global Privacy Policy

    If we intend to amend this Global Privacy Policy, we may amend all or part of, or make an addition to, this Global Privacy Policy by publishing that amendment or addition on our websites or giving notice by any other method that we deem appropriate.  In such a case, the post-amendment version of this Global Privacy Policy will be applied from the earlier of the date on which you use our product or service or access our websites for the first time after receiving such notice, or the date stated in such notice.

    Exhibit: EEA (European Economic Area) and the UK

    Effective Date: March 15, 2024
    Last updated: March 15, 2024


    This exhibit is with respect to the GDPR and the United Kingdom (UK) GDPR (hereinafter collectively referred to as the “GDPR”) that apply to the processing of your personal data by us if you are located or reside in the European Economic Area (EEA) or the UK.

    1.Purposes and legal basis, etc. for processing

    We process your personal data for the purposes set forth below and on the following legal bases:

    〇 When processing is necessary for the performance of a contract (GDPR Art. 6(1)(b))
    ・If data subjects (natural persons) are our customers, to contact you for specific requests or inquiries (for example to obtain consultancy services, to respond to your queries);
    ・If data subjects (natural persons)  are our customers, to manage tenders, orders, logistics and collection of payments; and
    ・If data subjects (natural persons) are our customers, to process payments;

    〇 When processing is necessary for the pursuit of legitimate interests (GDPR Art. 6(1)(f))
    ・Unless data subjects (natural persons) are our customers, to contact you for specific requests or inquiries (for example to obtain consultancy services, to respond to your queries);
    ・Unless data subjects (natural persons) are our customers, to manage tenders, orders, logistics and collection of payments; and
    ・Unless data subjects (natural persons) are our customers, to process payments;
    ・To authorize you to access our website;
    ・To manage our business relationship;
    ・To communicate with you (via meeting, regular mail, email, telephone or other means) about our products and/or services;
    ・To detect, prevent, investigate fraud and including (cyber) security monitoring and prevention; 
    ・To develop, enhance, improve, or modify our products and services;
    ・To invite you to provide feedback or participate in customer surveys, market research and surveys to develop or improve our products and related services;
    ・To use our personal data for our overall customer relationship management (CRM);
    ・To invite you to participate in pre- and post-market research, including research or surveys in the fields of medicine, pharmacology and medical devices;
    ・To contact you in emergency situations such as natural disasters when you are visiting us;
    ・To guide and treat you when visiting our facilities and to manage your inquiries, your answers to our questionnaires and so on after your leaving our facilities;
    ・To prevent and detect fraud and other offences and to ensure compliance;
    ・To notify you about changes to our website and ensure the ongoing accuracy and relevance of your data; 
    ・To provide patient support and donor support;
    ・To develop and improve our products;
    ・To share with you information that might be in your professional interest;
    ・To identify your interest as an existing or potential customer or user in particular products or services for marketing and product/services promotion (prospecting and profiling), to provide you better support and to better respond to your inquiries and needs and of those of our patients;
    ・To manage grants and donations;
    ・To protect our legal rights (including disputes and litigation) and ensure security and protection of our organization, our customers, patients and the public in general; and
    ・To acquire regulatory approval from health authorities other than in the EU and its Member States or UK;

    〇 When processing is necessary for compliance with a legal obligation (GDPR Art. 6(1)(c))
    ・To comply with EU and its member state or UK laws, regulations, industry standards (such as vigilance reporting and transparency reporting), public authority requests, and court orders;
    ・To manage product failures, including corrective field safety actions and recalls; and
    ・To acquire regulatory approval from health authorities in the EU and its Member States or in the UK;
     
    〇 When your consent is obtained in advance (GDPR Art. 6(1)(a))
    ・To conduct direct marketing which requires the consent of data subjects under applicable laws and regulations; and
    ・To use cookies (other than strictly necessary cookies) and similar technologies which requires the consent of data subjects under applicable laws and regulations.
     


    2.Cross-Border Transfer of Personal Data

    When we transfer personal data outside the EEA (European Economic Area) or the UK, we implement appropriate safeguards based on an adequacy decision with respect to countries determined to provide adequate protection (GDPR Art. 45) or by entering into Standard Contractual Clauses adopted by the European Commission (GDPR Art. 46(2)(c) and Art. 46(5)) or the ICO Addendum to the Standard Contractual Clauses with respect to other countries (UKGDPR Art. 46(2)(d). If you wish to receive a copy of documents regarding these safeguards, please contact us at the contact details provided in “11. Contact details” of our Global Privacy Policy. 

    The countries that we may transfer your personal data to on the basis of Standard Contractual Clauses are:

    - Japan
    - United States
    - Serbia
    - Russian Federation
    - India
    - Indonesia
    - Singapore
    - Thailand
    - Pakistan
    - Philippines
    - Vietnam
    - Malaysia
    - Taiwan
    - China
    - Turkey
    - Jordan

    Countries to which we transfer personal data based on an adequacy decision are as follows: 
    ・UK (Please click here with respect to the details of the adequacy decision.)
    ・Switzerland (Please click here with respect to the details of the adequacy decision.)
    ・South Korea (Please click here with respect to the details of the adequacy decision.)
    ・New Zealand (Please click here with respect to the details of the adequacy decision)
    ・Japan (Please click here with respect to the details of the adequacy decision.)

    3.Your Rights

    You have the following rights.

    - Obtaining information regarding data processing: You have the right to obtain from us some information regarding our data processing activities concerning you (GDPR Art. 13 and Art. 14).
    - Access to personal data: You have the right to obtain from us confirmation of whether personal data concerning you is being processed, and if it is being processed, you have the right to access the personal data regarding yourself (GDPR Art. 15).
    - Rectification and erasure of personal data: You have the right to obtain from us rectification without undue delay of inaccurate personal data concerning you and you have the right to have incomplete personal data completed (GDPR Art. 16). When certain conditions are met, you also have the right to have us erase without undue delay personal data concerning you (GDPR Art. 17).
    - Restriction of processing of personal data: When certain conditions are met, you have the right to have us restrict the processing of personal data concerning you (GDPR Art. 18).
    - Objection to processing of personal data: When certain conditions are met, you have the right to object to the processing of personal data concerning you (GDPR Art. 21(1)).
    - Objection to direct marketing: You have the right to object at any time to the processing of personal data for direct marketing purposes (GDPR Art. 21(2)).
    - Data portability of personal data: When certain conditions are satisfied, you have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller without hindrance from us (GDPR Art. 20).
    - Withdrawal of consent: You have the right to withdraw your consent at any time using the means separately specified when we obtained your consent; ; such withdrawal shall not affect the validity of the consent until the withdrawal..
    - Not being subject to automated decision making: When certain conditions are met, you have the right not to be subject to a decision based on automated processing (not involving a human being) that produces legal effects concerning you or similarly significantly affects you (GDPR Art. 22).
    - You may lodge a complaint with a data protection supervisory authority, in particular in the Member State of your residence, place of work, or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR (GDPR Art. 77).


    4.Contact Details of Legal Representative

    We have appointed DataRep as our Data Protection Representative for the purposes of the GDPR. If you have any questions to us or wish to exercise your rights related to personal data, you may contact DataRep from your country by using one of the following methods.

    • Contact by e-mail at datarequest@datarep.com
      please make sure to insert “SB-KAWASUMI LABORATORIES, INC.” in a subject box.
    • Contact by post
      please send your inquiry to the address listed below.
      For inquiry by post, please make sure to write “DataRep” in the address.
    Contact DataRep by mail at

    Country Address
    Austria DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
    Belgium DataRep, Place de L'Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium
    Bulgaria DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria
    Croatia DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia
    Cyprus DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus
    Czech Republic DataRep, Platan Office, 28. Října 205/45, Floor 3&4, Ostrava, 70200, Czech Republic
    Denmark DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark
    Estonia DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia
    Finland DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland
    France DataRep, 72 rue de Lessard, Rouen, 76100, Franceタ
    Germany DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany
    Greece DataRep, 24 Lagoumitzi str, Athens, 17671, Greece
    Hungary DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary
    Iceland DataRep, Kalkofnsvegur 2, 3rd Floor, 101 Reykjavík, Iceland
    Ireland DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland
    Italy DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy
    Latvia DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia
    Liechtenstein DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
    Lithuania DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania
    Luxembourg DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg
    Malta DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta
    Netherlands DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands
    Norway DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway
    Poland DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland
    Portugal DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal
    Romania DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania
    Slovakia DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia
    Slovenia DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia
    Spain DataRep, Calle de Manzanares 4, Madrid, 28005, Spain
    Sweden DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden
    Switzerland DataRep, Leutschenbachstrasse 95, ZURICH, 8050, Switzerland
    United Kingdom DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom