Hitachi Construction Machinery Co., Ltd.'s Approach to Personal Information Protection
As a global supplier that provide construction machinery, parts, services and solutions, Hitachi Construction Machinery Co., Ltd. (hereinafter referred to as “HITACHI”) handles a variety of information: including our own technical information, and information entrusted to us by customers. Given this situation, and to ensure that such information is treated with the respect it deserves, HITACHI has established an information control system and is implementing it thoroughly.
In light of these issues, together with the specification of rules and establishment of a management system, HITACHI has fixed the personal information protection policy given below, informed executive staff and workers, and is striving to protect personal information appropriately by following this policy.
For website visitors and other individuals who are located in the European Economic Area (“EEA”), please see our Privacy Notice for Individuals in the EEA below for how we handle your personal information in accordance with the General Data Protection Regulation and other applicable European data protection laws.
Definition of Personal Information
For HITACHI, personal information is information maintained by HITACHI that is or can be used to identify specific persons (for example, his or her name, birth date, age, gender, address, phone number, family structure, hobbies, preferences, e-mail address, place of employment, affiliations, location of workplace, phone number of workplace, credit card numbers, bank account numbers, various numbers and strings of characters assigned to him or her, information with respect to merchandise, products and services of HITACHI linked to such persons, information of websites accessed by him or her, information regarding his or her complaints, consultations and inquiries, information regarding his or her physical, physiological, genetic, mental, economic, cultural and social identity, and other information regarding the individual obtained by HITACH in relation to its sales activities, services and operations).
This includes information that cannot be used to identify individuals by itself, but can be used to identify individuals by easy cross-referencing with other data.
Based on the Personal Information Protection Policy given below, HITACHI will pay detailed attention to, and expend the utmost efforts on, protecting and managing such information.
This “About Personal Information Protection” document establishes the handling of personal information by HITACHI.
Personal Information Protection Policy of HITACHI
1. Collecting, Using, and Providing Personal Information
While carefully considering the entrusting of customer information during company activities, HITACHI will handle such information appropriately by establishing a management system for personal information protection for each type of business, and also by following stipulated rules for collecting, using, or providing personal information.
2. Following Laws and Norms
For the handling of personal information, HITACHI will follow the laws and norms applicable to the protection of relevant personal information. Also, HITACHI will create and follow personal information management rules that conform to these laws and norms.
3. Implementing Safety Measures
To ensure the correctness and safety of personal information, in accordance with the rules for information security, HITACHI will implement various measures (such as managing access to personal information, restricting the means for transporting personal information outside the company, and preventing incorrect access from outside the company), and strive to prevent any problems with personal information (such as the loss, destruction, falsification, or leakage of information).
4. Respecting Your Rights Regarding Your Personal Information
When you make a request to disclose, correct, or delete your own personal information, or seek to prevent the use or provision of such information, HITACHI will respond with sincerity, respecting your rights related to that personal information.
5. Establishing Rules for Managing Personal Information Protection, and Making Continual Improvements
HITACHI will make sure that executive staff and workers recognize the importance of personal information protection, and will steadily establish rules for managing personal information to ensure that such information is used appropriately and is protected. These rules will be maintained and improved continually.
Purpose of Using Personal Information, and Providing to Third Parties
1. HITACHI will use personal information only to achieve the following listed purposes (hereinafter referred to as the ''PURPOSE'').
a) To provide services (specific cases for reference: ConSite, Global e-Service)
b) To deliver and/or send newsletters and e-mail newsletters, etc.
c) To run seminars and events, etc. and to deliver and/or send notices thereof
d) To carry out questionnaires, surveys and statistics, etc.
e) To respond to inquiries
f) To execute contracts
g) To execute duties under laws, regulations and norms
h) To achieve any other purposes incidental to the above purposes
2. HITACHI may provide following companies (hereinafter referred to as ''HITACHI GROUP'') with all or part of items of personal information to jointly use only to achieve the PURPOSE.
a) HITACHI’s affiliated companies (of which 20% or more than 20% of issued shares are owned by HITACHI)
b) Hitachi, Ltd. and its affiliated companies (of which 20% or more than 20% of issued shares are owned by Hitachi, Ltd.)
c) Sales distributors of HITACHI or HITACHI’s affiliated companies
3. Personal information to be jointly used
All the information set forth in the definition of the personal information.
4. Purpose of the persons who jointly use the personal information
The personal information will be jointly used in order to provide services through the global networks of HITACHI and improve such services in compliance with the above PURPOSES to the extent necessary and within the extent as provided for in (2) above.
5. Person in charge of managing the personal information to be jointly used
Person in charge of managing personal information, Consultation service in respect of personal information, Hitachi Construction Machinery Co., Ltd.
HITACHI’s department designated in “About Requests to Disclose Personal Information or Reception of Complaints” below handles inquiries or complaints relating to the joint use stipulated herein. If you give notice by facsimile or e-mail to HITACHI with respect to the disclosure, etc. (including giving notice of the PURPOSE, disclosure, correction, addition or deletion of details, suspension of use or erasure and suspension of provision to any third party) of your personal data maintained by HITACHI, HITACHI will promptly respond thereto in good faith.
Please also let HITACHI know by facsimile or e-mail your opinions, questions, complaints and any other inquiries relating to HITACHI’s handling of personal information.
Contact for questions and complaints:
To Person in charge of managing personal information, Consultation service in respect of personal information, Hitachi Construction Machinery Co., Ltd.
Ueno East Tower, 16-1, Higashiueno 2-chome, Taito-ku, Tokyo, 110-0015, Japan
(Hours: 9:00 to 17:30 (excluding our non-business days such as Saturdays, Sundays, national holidays, year-end through New Year holidays, the Golden Week holidays and summer holidays))
6. HITACHI will not provide personal information to a third party without obtaining your prior consent, except for the joint use stipulated in the previous provision or in the following circumstances:
a) When required by law
b) When required to protect human life, to avoid injury, or to protect assets, and when obtaining your consent would be difficult.
c) When required to co-operate with the lawful activities of a national agency, local government organization, or person or organization entrusted with such a task, and obtaining your consent would interfere, or be likely to interfere, with the carrying out of such activities.
d) When providing a third party entrusted with business by HITACHI with personal information in order to achieve the PURPOSE.
About Usage of Cookies and Web Beacons
Cookies manage our website and your web browser. A cookie may be stored as a file on your computer disk. When a cookie is used, the web server can record information such as which computer visited which pages on the website. However, HITACHI cannot identify an individual person unless the person enters his or her own personal information into the website.
(b) Web beacon
This technology, which functions with a cookie, enables the beacon owner to know how many times a customer accessed a particular page. However, unless the customer enters his or her own personal information when, or after, the cookie is accepted, HITACHI cannot identify an individual customer.
- HITACHI may modify this “About Personal Information Protection” document as appropriate to accommodate improvements in the handling of personal information, or changes or additions to laws, cabinet orders and ministerial ordinances or other norms.
Please check this document regularly.
- This “About Personal Information Protection” document goes into effect from the day it is published (including the update day).
PRIVACY NOTICE FOR INDIVIDUALS IN THE EEA
For website visitors and other individuals who are located in the European Economic Area (“EEA”)
HITACHI respects your privacy and is committed to protecting your personal data (the word “personal data” has the same meaning as that of “personal information” that is defined in the section of “definition of personal information”) in accordance with applicable regulations. The following will inform you as to how we look after your personal data that is collected through the use of our website and tell you about your privacy rights.
I. WHO WE ARE
Please refer to information about us and our contact details in 5(5) above. HITACHI’s representative in the EEA is as follows:
Hitachi Construction Machinery (Europe) N.V.
[Physical Address: Sicilieweg 5, 1045 AT Amsterdam, The Netherlands]
II. PURPOSE AND LEGAL BASIS FOR WHICH WE WILL USE YOUR PERSONAL DATA
We have set out below, in a table format, a description of purposes for which we plan to use your personal data, and which legal basis we rely on to do so. We have also identified what our legitimate interests are where appropriate.
||Lawful basis for processing including basis of legitimate interests
|Provision of services relating to our products including Global e-Service and ConSite, and of information thereon
||Legitimate interests (provision of services to our business customers)
|Delivery and/or sending of newsletters and e-mail newsletters, etc.
||Legitimate interests (provision of information regarding products and services, and business development)
|Running seminars and events, etc. and delivery and/or sending of notice thereof
||Legitimate interests (provision of information regarding products and services, and business development)
|Carrying out questionnaires, surveys and statistics, etc.
||Legitimate interests (market research, improvement of products and services, and business development)
|Response to inquiries
||Legitimate interests (provision of information regarding products and services, and business operations)
|Performance of duties under laws, regulations and norms other than the EU legislations and domestic laws of the member states of EEA , including, in the case of responding to a court order to submit documents, responding to questions and examinations conducted by officers of tax authorities and answering to investigation-related inquiries]
||Legitimate interests (compliance with obligations under laws, regulations and norms of the countries other than of the EEA countries)
III. CATEGORY OF RECIPIENTS
We may share your personal data with the parties set out in 5(2) above for the purposes set out in II above. We require all third parties to respect the security of your personal data and to treat it in accordance with applicable regulations.
IV. PERSONAL DATA TRANSFER OUTSIDE THE EEA
HITACHI and many of the HITACHI group companies are established in countries outside the EEA. Certain HITACHI group companies are also established within the EEA.
If a HITACHI group company within the EEA transfers your data outside the EEA then we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- We will use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
Where you provide your personal data directly to HITACHI in Japan or to another HITACHI group company outside the EEA then your data will be handled in accordance with the protections set out in this policy. Please note, however, that Japan and such other countries outside the EEA have different laws and levels of protection for personal information and may not, from the perspective of the European Commission and European Union law, provide adequate protection for personal information, which can result in additional risks to your personal data arising.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
V. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or accounting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you
VI. YOUR LEGAL RIGHT
Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:
- Request access to your personal data
- Request correction of your personal data
- Request erasure of your personal data
- Request restriction of processing your personal data
- Object to processing of your personal data
- Request transfer of your personal data
- [Right to withdraw consent]
If you wish to exercise any of the rights set out above, please contact us.
You will not have to pay a fee to exercise any of the other rights. However, we may refuse to comply with your request if your request is clearly unfounded, repetitive or excessive.
We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You have also the right to make a complaint at any time to the relevant data protection supervisory authority. A list of the supervisory authorities is available here:
We would, however, appreciate the chance to deal with your concerns before you approach the authority so please contact us in the first instance.
VII. IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services).
VIII. About Usage of Cookies and Web Beacons
With regard to the usage of cookies and web beacons, please refer to information that is stated in “About Usage of Cookies and Web Beacons” above.
The Use and Appropriate Management of Personal Data
Hitachi Construction Machinery Group handles its own technical information and information received from our customers. We are working to establish and maintain the organization for data governance on high priority in Hitachi Construction Machinery Group in global under the supervision of the Chief Information Security Officer appointed by the President and Executive Officer & CEO.
Specifically, we train our employees and business partners on proper handling of data security, data protection and privacy, and conduct regular self-audits on them. In addition, we are promoting measures such as the consolidation of mission-critical systems, migration to virtual servers and cloud computing, and server robustness in preparation for damage from cyber-attacks and natural disasters. For our all companies, we are striving to strengthen information security management based on the Global Information Security Management Regulations in accordance with the international standard ISO/IEC 27001.
With the rapid development and spread of ICT and IoT in recent years, service solutions that utilize data are attracting customers’ attention in the construction and mining equipment industry. We provide high quality services to customers in the global market through “Global e-Service” and “ConSite” to support the stable operation of customer’s construction and mining machineries.
In Europe and other countries and regions around the world, various regulations regarding data protection and privacy are being discussed and are rising. Hitachi Construction Machinery Group recognizes that the operating data collected from construction and mining machineries is also important personal data entrusted to us by our customers, and we are working to ensure the protection of personal data in each country where we do business.
Hitachi Construction Machinery Group will continue to comply with “Act on the Protection of Personal Information” in Japan as well as the privacy and data protection laws and regulations of each country and region, and will also strive to respect the personal data of our customers to the maximum extent possible, and act appropriately as a member of society.