Personal Information Protection Policy
We give top priority to personal information protection as part of our corporate compliance structure, and have established Company regulations based on the Personal Information Protection Law, along with management systems relating to personal information protection. Moreover, we have defined necessary provisions for personal information protection in Company Codes of Conduct (Japanese version) as rules to be observed by Company employees, and are thoroughly implementing, maintaining and enforcing the rules among Company officers and employees.
We have stipulated the following Personal Information Protection Policy relating to personal information held by our Company.
<Personal Information Protection Policy>
- (Establishing a Personal Information Protection System)
- We make Company officers and employees recognize the importance of personal information protection by establishing and enforcing our Company's personal information protection system.
- (Collecting, Utilizing and Providing Personal Information)
- We formulate various rules concerning the collection, utilization, provision, etc. of personal information by our Company and appropriately handle personal information based on these rules.
- (Implementing Safety Measures)
- We continuously implement information security measures and other safety measures that have been in place so as to secure the accuracy and safety of personal information, and strive to prevent unauthorized access to personal information, or loss, destruction, falsification or leakage of personal information.
- (Respecting a Person's Rights Regarding His or Her Personal Information)
- We respect a person's rights regarding his or her personal information, and when he or she makes a request to reveal, correct or delete his or her own personal information, or seeks to prevent the use or provision of such information, we respond to such a request in accordance with relevant laws and regulations.
- (Observing Laws and Regulations)
- For the handling of personal information, we observe laws, regulations and standards applicable to the protection of such personal information.
- (Establishing a Department Responding to Inquiries)
- We establish a department within the Company to respond to inquiries from persons regarding their own personal information, and make public its contact information.
Privacy Policy
Each JATCO Group company (JATCO Ltd and its domestic/overseas affiliated companies, hereinafter collectively referred to as “Group Companies”) continuously strives to properly manage and protect individuals’ privacy and personal data, and to ensure transparency in the handling of such information. This web page explains how our company handles personal data regarding the following individuals.
1) The following individuals (hereinafter referred to as “Customers”)
- Visitors to websites operated by Group Companies (hereinafter referred to as “Our Site”)
- Those people who receive or view our newsletters, emails, social media posts, and other communications and materials issued by Group Companies
- Executives and employees of car manufacturers and partners that are business partners of Group Companies
2) The following individuals (hereinafter referred to as “Employees”)
- Executives and employees of Group Companies (regular employees, senior employees, contract employees, fixed-term employees, seconded employees, guest engineers, temporary employees, part-time employees, etc.)
- Those people who intend to, or have intended to, apply for the positions of executives or employees of Group Companies
- Retired employees of Group Companies
This web page contains information about how your personal data will be handled and your rights. We ask that you also check this web page when visiting Our Site. In addition, this website may be revised at any time, so please check this web page regularly when visiting Our Site.
Please note the following points when viewing this web page.
- This web page may contain clauses that do not apply to you because of your location or relationship with us.
- In the event that your personal data is used and disclosed under other circumstances than the handling of it on this website, and other privacy policies and/or notices for such circumstances are provided, such different notice and/or policy may apply to the processing of your personal data.
- This website may contain links to third-party websites that we do not operate, control, or endorse. Once you leave this website, we are not responsible for the protection and privacy of any information you provide. We suggest reading the privacy notices of these third-party websites and if needed, contacting those websites directly for information about their privacy practices.
If you have any questions, requests, or complaints regarding the handling of your personal data or the exercise of your rights, please contact us at the URL address listed below.
Data Protection Contact Form
1. About the data controller
Unless otherwise specified,
- JATCO Ltd (hereinafter “JATCO”, “our company”, “we” or “us”, headquartered at 700-1 Imaizumi, Fuji City, Shizuoka Prefecture, 417-8585, Japan), is the data controller responsible for the collection and processing of personal data for management, operational, and commercial purposes.
- In the case of job applications, the data controller for the collection and handling of the applicant’s personal data will be the JATCO Group Company that is recruiting the applicant.
2. Personal data our Group Company collects and the legal basis for processing it
“Personal data” on this web page refers to information that identifies or can identify an individual, as defined in the Japan’s Act on the Protection of Personal Information (commonly known as APPI), the European Union’s General Data Protection Regulation (commonly known as GDPR), the UK’s General Data Protection Regulation (commonly known as UK GDPR), and other laws and regulations related to the handling of personal data in each country and region related to Group Companies (hereinafter referred to as “Privacy and Personal Data Protection Laws”).
1) Customers’ personal data (hereinafter “Customer Personal Data”)
Group Companies collect and process Customer Personal Data for the following purposes, as this is necessary for the execution of contracts, such as providing products and services to Customers. The legal basis for processing Customer Personal Data in this case is Article 6(1)(b) or (f) of the GDPR and the UK GDPR and any equivalent provisions in other Privacy and Personal Data Protection Laws.
| Purpose of collection and processing | Types of personal data |
|---|---|
| Responding to customer inquiries | Name, address, email address, information about your inquiry (date and time, type of inquiry, content of inquiry) |
| Understanding customer inquiry history and details | Name, address, email address, information about your relationship with us (your relationship with us, correspondence history, your interests) |
Depending on your use of Our Site and its services, we may receive your personal data through third-party websites (such as Facebook, X, etc.) in accordance with the privacy policies and terms of use of those third parties. For example, if you visit Our Site directly through a social media platform, that platform may provide us with account information that you have made public. However, unless permitted by Privacy and Personal Data Protection Laws or with your explicit consent, we will not provide your personal data to such third parties. For more details on the recipients of Customer Personal Data, please refer to Section 4 of this web page.
2) Personal data of Employees (hereinafter “Employee Personal Data”)
Group Companies always process the Employee Personal Data based on one of the legal basis set out either in the GDPR, UK GDPR (Articles 6 and 7) or equivalent regulations of other Privacy and Personal Data Protection Laws. In addition, when Group Companies process Employee Personal Data which require special consideration, Group Companies will process the same in accordance with the special standards set out either in the GDPR, UK GDPR (Articles 9 and 10) or equivalent provisions of other Privacy and Personal Data Protection Laws.
Group Companies may collect and process Employee Personal Data when i) it is necessary for Group Companies’ business and management of Employees or when there is a legitimate interest for Group Companies, ii) it is necessary for the execution of a contract between Employees and Group Companies or for pre-contrct procedures, or iii) we have obtained the clear prior consent of Employees.
If Employees have given their consent to the collection and processing of their personal data, they have the right to withdraw their consent at any time. However, this does not affect the lawfulness of processing based on consent made before its withdrawal.
The Employee Personal Data collected and processed by Group Companies, and the purposes of collection and processing are as follows.
ⅰ) Personal data of executives and employees
| Purpose of collection and processing | Types of personal data |
|---|---|
| For business communications and internal investigations, such as monitoring PC logs, in the event of suspected fraudulent or inappropriate conduct | Name, employee number, department, job title, employment status, employee email address and emails (including logs and attachments), information on business mobile devices, etc. |
| For personnel and labor management, assignments (including reassignments, secondments, transfers, and other personnel changes), creation of employee rosters, payment of salaries, provision of employee benefits, social insurance-related procedures, various legally required procedures, and other administrative procedures necessary for personnel and labor management | Name, address, age, date of birth, gender, telephone number, photo, etc. |
| For processing administrative tasks related to the determination and payment of salaries, etc., tax withholding procedures, social insurance procedures, retirement benefits and employee benefits, property accumulation savings, and other personnel and labor management-related matters | Annual salary, monthly salary, bonuses, etc., salary determination method, retirement benefits, etc. |
| For understanding human resources (talent management), determine departments and duties, reassignment, secondment, transfer, education, training, skills development, promotion and demotion, and other administrative procedures related to personnel and labor management | Personnel evaluation, educational background, qualifications/licenses, job title, work history, work experience, disciplinary actions/awards, etc. |
| For processing wages, etc., withholding tax procedures, social insurance procedures, childcare/elderly care leave, employee benefits, and other administrative procedures related to personnel and labor management | Family structure, whether living together or apart, whether you have dependents, health status, etc. |
| For handling health management, ensuring a proper working environment, leave of absence/return to work, deciding on assignment, work hour management, and other administrative procedures related to personnel and labor management | Health condition, medical history, mental and physical disabilities, health check results, etc. |
ⅱ) Personal data of applicants
| Purpose of collection and processing | Types of personal data |
|---|---|
| For administrative communication in recruitment activities, consideration and decision of employment, consideration and decision of employment conditions, response to inquiries, and administrative processing related to personnel and labor management after recruitment | Name, address, age, date of birth, gender, telephone number, photo, etc. |
| Annual salary, monthly salary, bonuses, etc., salary determination method, etc. | |
| Educational history, qualifications/licenses, position, work history, work experience, etc. | |
| Dependent status, etc. |
ⅲ) Personal data of retired employees
| Purpose of collection and processing | Types of personal data |
|---|---|
| For creating various personnel data, contact after retirement, etc. | Name, address, age, date of birth, gender, telephone number, photo, etc. |
| Annual salary, monthly salary, bonuses, etc. during employment, salary determination method, retirement benefits, etc. | |
| Personnel evaluation during employment, academic background, qualifications/licenses, position, work history, work experience, disciplinary actions/awards, etc. | |
| Family structure, whether living together or separately, whether or not you have dependents, health status of family members and relatives, etc. | |
| Health condition, medical history, mental and physical disabilities, health check results, etc. | |
| In addition to the above purposes, for internal investigations such as PC log monitoring if any fraudulent or inappropriate action is suspected during employment | Employee number while employed, department, job title, employment status, employee email address and emails (including logs and attachments), information on business mobile devices, etc. |
3. Where we collect personal data
Group Companies obtain personal data directly from Customers and Employees. We also obtain personal data indirectly from third parties, including Group Companies.
4. Sharing of personal data
Group Companies will disclose personal data collected by Group Companies to the following third parties for the purposes described in this Privacy Policy.
- Other companies in Group Companies
- Nissan Motor Co., Ltd.
Furthermore, we may share and disclose personal data to contracted third parties only to the extent necessary for them to perform the commissioned tasks. In such cases, we will carefully select contractors, conclude necessary data processing agreements with them, and ensure the monitoring of the handling of personal data.
5. Protection of personal data
Group Companies have implemented appropriate technical and organizational measures in order to maintain a level of security well adapted to the level of risk related to the processing of your personal data. These measures aim, in particular, to protect your personal data against destruction, loss, alteration, unauthorized disclosure or access, both accidental and intentional.
However, no method of transmission of data on the internet and no method of storage (in either an electronic or a physical environment) can be entirely secure. We endeavor to protect your personal data to the best of our abilities, but we cannot guarantee an absolute security or integrity during the transmission of your data from your system to ours. Any transmission is at your own risk.
6. International transfer of personal data
When Group Companies transfer personal data from the European Union/European Economic Area/United Kingdom to Japan, we will do so based on mutual adequacy decisions between Japan and the European Union. In addition, when personal data is transferred from other countries or regions to Japan, it will be transferred in accordance with the equivalent regulations of the Privacy and Personal Data Protection Laws of those countries or regions.
If it becomes necessary to disclose or transfer your personal data to a third country, we will take appropriate legal or contractual measures to protect your personal data as required by Privacy and Personal Data Protection Laws.
Especially, protective measures shall be taken in the following cases.
- If APPI applies and we transfer your personal data outside of Japan, we will take necessary measures such as contracts based on the APPI and the related guidelines.
- In case where the GDPR applies and we transfer your personal data outside the European Union/European Economic Area/United Kingdom, we will, in the absence of an adequacy decision and after having carried out an assessment of the level of protection of your rights on the territory of the concerned third country where we deem this necessary, implement adequate measures through the adoption of appropriate safeguards (such as standard contractual clauses).
7. Retention period of personal data
Group Companies retain your personal data only for as long as necessary to achieve the purposes of processing or as required by law. Therefore, when the information is no longer needed for the processing purposes or the legal retention period has expired, the personal data will be deleted.
8. Your rights regarding your personal data
In accordance with the stipulations of the GDPR and UK GDPR, as well as equivalent provisions in other Privacy and Personal Data Protection Laws, Customers and Employees have the following rights regarding the personal data collected by Group Companies.
1) Right to request information about the processing of your personal data (Articles 13 and 14 of the GDPR and UK GDPR).
Customers and Employees have the right to request the provision of all necessary information regarding each personal data processing activity by Group Companies.
2) Right to access your personal data (Article 15 of the GDPR and UK GDPR)
Customers and Employees have the right to request confirmation from Group Companies as to whether or not we are processing personal data. When the personal data is processed by us, you have the right to access that personal data and certain related information.
3) Right to request rectification of your personal data (Article 16 GDPR and UK GDPR)
Customers and Employees have the right to request rectification without undue delay if their personal data is inaccurate or incomplete.
4) Right to request the erasure of your personal data (Article 17 GDPR and UK GDPR)
Customers and Employees have the right to request the erasure of their personal data when certain requirements are met.
5) Right to request restriction of processing of your personal data (Article 18 GDPR and UK GDPR)
Customers and Employees have the right to request the restriction of the processing of their personal data when certain requirements are met.
6) Right to object to the processing of your personal data (Article 21 GDPR and UK GDPR)
Customers and Employees have the right to object to the processing of their personal data when certain conditions are met.
7) Right to data portability (GDPR and UK GDPR Article 20)
Customers and Employees have the right to receive personal data in a structured, commonly used, and machine-readable format and to request the transfer of that personal data to another controller without being hindered by Group Companies, when certain conditions are met.
8) Right not to be subject to a decision based solely on automated processing, including profiling (Article 22 GDPR and UK GDPR)
Customers and Employees have the right to be excluded from decisions based solely on automated data processing, including profiling, that have legal or similarly significant effects on them, when certain conditions are met.
To exercise the above rights, please contact us through the “Data Protection Contact Form” listed on this web page.
Additionally, Customers and Employees have the right to lodge a complaint with the data protection supervisory authority of their place of residence, workplace, or where the GDPR violation occurred regarding the processing of personal data by Group Companies.
9. Changes to this web page
Group Companies may revise this web page from time to time without notice in response to establishment or amendment of laws or guidelines by relevant authorities, changes in our data handling methods, changes in technology, etc. We encourage you to visit this web page to check the latest information regarding the collection, use, and sharing of your personal data.
First edition publication date: December 9, 2024
