Privacy Notice

Personal information protection

Privacy Notice

1. Purpose of enactment of this Notice

In the event that Daifuku Co., Ltd. and its group companies (“Daifuku”) collect personal data concerning an individual (“Data Subject”), Daifuku shall handle personal data as set out below. The handling of personal data about officers and employees of Daifuku shall be determined separately in accordance with privacy notice implemented within Daifuku.

2. Lawfulness of processing

Daifuku processes personal data when the law allows it to and it has the Data Subject’s consent and usually when Daifuku has one of the following legal bases:

  • where it is necessary for Daifuku’s legitimate interests for processing of personal data;
  • where it is necessary for the performance of a contract into which Daifuku has entered with the Data Subject; and where Daifuku needs to comply with any legal obligations.

3. Types of personal data collected

3.1. Daifuku collects the following types of personal data

3.1.1. Types of personal data collected from customers, business partners, shareholders and investors:

  • Basic information used to identify the Data Subject (e.g., name, date of birth, gender);
  • information needed to contact the Data Subject (e.g., telephone number, mobile number, email address); and
  • technical information that could be used to identify the Data Subject (e.g., IP address, type and version of browser used).

3.1.2. Types of personal data collected from job applicants, those wishing to visit the company or its exhibition center and those who access the Daifuku website:

  • personal information on the CV (e.g., name, qualifications, work experience, salary expectation, notice period);
  • visitors’ information that could be used to control access to the site and ensure site security (e.g., image, vehicle registration, company name); and
  • technical information that could be used to identify the Data Subject (e.g., IP address, type and version of browser used).

3.2. Daifuku does not collect the following personal data without the prior explicit consent of the Data Subject:

  • data about political opinions or religious beliefs; and
  • data concerning health.

4. Purpose of collection and use

Daifuku generally uses the personal data it collects for the purposes shown below.

4.1. Personal data collected from customers and business partners (includes potential customers and business partners):

  • to provide the products and services handled by Daifuku, to provide information about these products and services and to process invoices for payment;
  • to plan, research and develop products and services;
  • to deal with inquiries;
  • to conduct negotiations and meetings, to contact customers and business partners and to execute business operations relating thereto; and
  • to conduct accounting audits.

4.2. Personal data collected from shareholders and investors (includes potential shareholders and investors):

  • to manage shareholders, investors and shares;
  • to allow shareholders to exercise their rights and to fulfill obligations;
  • to prepare documents and create records and data in accordance with applicable national laws;
  • to provide data to shareholders; and
  • to otherwise take action in accordance with the provisions of laws or directives, guidance, etc. issued by the authorities.

4.3. Personal data collected from job applicants, those wishing to visit the company or its exhibition center and those accessing the Daifuku website:

  • to conduct recruitment activities and business operations related thereto;
  • to provide information, refreshments, etc. to visitors to Daifuku’s offices or its exhibition center; and
  • to control access to the site and ensure site security.

5. Rights of the Data Subject

5.1 Protected rights of the Data Subject

With respect to personal data managed by Daifuku, you have certain rights pursuant to the applicable personal data protection laws, which may include the following rights of the Data Subject:

  • the right to be informed (the right to be informed about the details such as the identity of the controller, the purposes of the processing, legitimate interests pursued by the controller, and when the controller collects personal data);
  • the right of access (the right to obtain from the controller confirmation as to whether or not personal data is held concerning him or her);
  • the right to rectification (the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her);
  • the right to erasure (the right to obtain from the controller the erasure of personal data concerning him or her);
  • the right to restrict processing (the right to obtain from the controller restriction of processing);
  • the right to data portability (the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and the right to transmit to another controller without hindrance from the controller);
  • the right to object (the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her);
  • the rights in relation to automated decision-making and profiling (the right not to be subject to a decision based solely on automated processing, including profiling); or
  • the right to withdraw the consent to process personal data.

5.2 Point of contact for exercise of the above rights

If you have any questions about the processing of your personal data or wish to exercise any of the above rights, please contact the person in charge of Privacy Notice from the link here.
You can find the relevant entity from the link here.

 

If you would like to contact us by mail, please send it to the following address.
Information Asset Management Promotion Department
Daifuku Co., Ltd.

3-2-11 Mitejima
Nishiyodogawa-ku
Osaka 555-0012
Japan

6. Provision to a third party

To fulfill the purposes set out in “4. Purpose of collection and use” above, Daifuku may provide personal data to group companies of Daifuku specified in the list here.

 

Besides, Daifuku may entrust the processing of personal data to a third party. In this case, Daifuku shall enter into an agreement with the processor stipulating that the processor:

  • processes the personal data only on documented instructions from Daifuku;
  • commits to confidentiality;
  • takes all measures required to ensure data security;
  • assists the exercise of the Data Subject’s rights; and
  • returns all the personal data (including copies) to Daifuku once the purpose of processing ceases to exist.

7. Records of data processing

As the controller of the personal data, Daifuku manages records of the processing of personal data in its possession. Daifuku also periodically updates records of the processing of this personal data.

8. Retention period

Daifuku retains personal data for the minimum period necessary to achieve the abovementioned purposes of collection of personal data and only for the amount of time required by law or for accounting purposes or similar reporting requirements.

9. Data security

Daifuku properly implements organizational security management measures, including developing and applying regulations such as the Information Security Basic Policy, as well as technical security management measures such as the anonymization and encryption of personal data, and the establishment of a periodic inspection process.

 

In processing sensitive personal data, Daifuku takes appropriate security measures to ensure that the rights and interests of individuals are not affected.

10. Notification of personal data breaches

In case of a data leak or other breach of security, Daifuku has put in place a framework for reporting to the supervisory authorities responsible for protecting personal data within the required timeframe, and also engages in appropriate communication with the Data Subject.

11. Transfer to a third country

Daifuku may transfer personal data to a company located in the third countries outside your country of residence. Such third countries may not have personal data protection laws as comprehensive as those that exist in your country of residence, and the same level of protection as that set forth in the personal data protection laws in your country may not necessarily be guaranteed. In such case, Daifuku shall implement necessary safety management measures pursuant to the requirements of any and all the applicable laws.

12. Revisions and updates to this Notice

Daifuku may revise or update this Privacy Notice from time to time. Any revisions or updates to this Privacy Notice will become effective upon posting of the revised or updated Privacy Notice on Daifuku’s website.

 

Enacted: April 1st, 2023