Hitachi Construction Machinery Co., Ltd.'s Approach to Personal Information Protection
For website visitors and other individuals who are located in the European Economic Area (“EEA”) or the UK, please see our “Privacy Notice for Individuals in the EEA” below for how we handle your personal information in accordance with the General Data Protection Regulation and other applicable data protection laws.
Definition of Personal Information
For Hitachi Construction Machinery, personal information is information maintained by us that is or can be used to identify specific persons (for example, your name, birth date, age, gender, address, phone number, e-mail address, company name, location of workplace, phone number of workplace, bank account numbers, various numbers and strings of characters assigned to you, information with respect to our products and services linked to you, information of websites accessed by you, information regarding your complaints, consultations and inquiries, and other information regarding the individual obtained by us in relation to our business operations).
This includes information that cannot be used to identify individuals by itself, but can be used to identify individuals by easy cross-referencing with other data.
Based on the Personal Information Protection Policy given below, we will pay detailed attention to, and expend the utmost efforts on, protecting and managing such information.
This “About Personal Information Protection” document establishes the handling of personal information by Hitachi Construction Machinery. In this document, “you” or “your” mean all individuals from whom we obtain personal information, including our customers of our products and/or services, suppliers and business partners, shareholders, those who attend events organized by us, job applicants to us, and those who visit us and our website.
Personal Information Protection Policy of Hitachi Construction Machinery
1. Collecting, Using, and Providing Personal Information
While carefully considering the entrusting of your personal information during company activities, Hitachi Construction Machinery will handle such information appropriately by establishing a management system for personal information protection for each type of business, and also by following stipulated rules for collecting, using, or providing personal information.
2. Compliance with Laws and Norms
For the handling of personal information, Hitachi Construction Machinery will comply with the laws and norms applicable to the protection of relevant personal information. Also, we will create and comply with personal information management rules that conform to these laws and norms.
3. Implementing Safety Management Measures
Hitachi Construction Machinery takes necessary and appropriate measures to prevent the loss, destruction, alteration or leakage of personal information and to otherwise keep personal information securely. For information on the details of the security management measures taken by us, please contact the e-mail address listed in “5. Contact” of “Purpose of Using Personal Information and Joint Use”.
4. Respecting Your Rights Regarding Your Personal Information
When you make a request to disclose, correct, add, or delete your own personal information, or seek to prevent the use or provision of such information, Hitachi Construction Machinery will respond with sincerity, respecting your rights related to your personal information.
5. Establishing Rules for Managing Personal Information Protection, and Making Continual Improvements
Hitachi Construction Machinery will make sure that executives and employees recognize the importance of personal information protection, and will steadily establish rules for managing personal information to ensure that such information is used and protected appropriately. These rules will be maintained and improved continually.
Purpose of Using Personal Information and Joint Use
1. Hitachi Construction Machinery will use personal information only to achieve the following listed purposes (hereinafter referred to as the ''PURPOSE'').
a) Provide services (specific cases for reference: ConSite, Global e-Service)
b) Deliver and/or send newsletters and e-mail newsletters, etc.
c) Manage seminars and events, etc. and deliver and/or send notices thereof
d) Carry out questionnaires, surveys and statistics, etc.
e) Respond to inquiries
f) Execute contracts
g) Execute duties under laws, regulations and norms
h) Any other purposes incidental to the above purposes
2. Hitachi Construction Machinery may provide the following companies with all or part of items of personal information to jointly use (hereinafter referred to as the “Joint Use”).
a) Our affiliated companies (of which 20% or more of issued shares are owned by us)
b) Hitachi, Ltd. and its affiliated companies (of which 20% or more of issued shares are owned by Hitachi, Ltd.)
c) Sales distributors of us or our affiliated companies
3. Personal information to be jointly used
All the information set forth in the definition of the personal information will be jointly used.
4. Purpose of the persons who jointly use the personal information
The personal information will be jointly used in order to provide services through the global networks of Hitachi Construction Machinery and improve such services within the scope of the PURPOSE.
If you have any queries or complaints on the Joint Use, please do not hesitate to contact Hitachi Construction Machinery via below-mentioned addresses. If you give notice by e-mail to us with respect to your rights (including giving notice of the PURPOSE, disclosure, correction, addition or deletion of details, suspension of use or erasure and suspension of provision to any third party) of your personal information, we will promptly respond thereto in good faith.
Please also let us know by e-mail your opinions, questions, complaints and any other inquiries relating to our protection of personal information.
To Person in charge of managing personal information, Consultation service in respect of personal information, Hitachi Construction Machinery Co., Ltd.
Ueno East Tower, 16-1, Higashiueno 2-chome, Taito-ku, Tokyo, 110-0015, Japan
Hours: 9:00 to 17:30 (excluding our non-business days such as Saturdays, Sundays, national holidays, year-end through New Year Holidays, the Golden Week Holidays (the term for the first week of May) and summer holidays)
6. Hitachi Construction Machinery will not provide personal information to a third party without obtaining your prior consent, except for the Joint Use or in the following circumstances:
a) Required by law
b) Required to protect human life, to avoid injury, or to protect assets, and when obtaining your consent would be difficult.
c) Required to co-operate with the lawful activities of a national agency, local government organization, or person or organization entrusted with such a task, and obtaining your consent would interfere, or be likely to interfere, with the carrying out of such activities.
d) Providing a third party entrusted with business by us with personal information in order to achieve the PURPOSE.
About Usage of Cookies and Web Beacons
Cookies manage our website and your web browser. A cookie may be stored as a file on your computer disk. When a cookie is used, the web server can record information such as which computer visited which pages on the website. However, HITACHI cannot identify an individual person unless the person enters his or her own personal information into the website.
(b) Web beacon
This technology, which functions with a cookie, enables the beacon owner to know how many times a customer accessed a particular page. However, unless the customer enters his or her own personal information when, or after, the cookie is accepted, HITACHI cannot identify an individual customer.
- HITACHI may modify this “About Personal Information Protection” document as appropriate to accommodate improvements in the handling of personal information, or changes or additions to laws, cabinet orders and ministerial ordinances or other norms.
Please check this document regularly.
- This “About Personal Information Protection” document goes into effect from the day it is published (including the update day).
PRIVACY NOTICE FOR INDIVIDUALS IN THE EEA
For website visitors and other individuals who are located in the European Economic Area (“EEA”)
HITACHI respects your privacy and is committed to protecting your personal data (the word “personal data” has the same meaning as that of “personal information” that is defined in the section of “definition of personal information”) in accordance with applicable regulations. The following will inform you as to how we look after your personal data that is collected through the use of our website and tell you about your privacy rights.
I. WHO WE ARE
Please refer to information about us and our contact details in 5(5) above. HITACHI’s representative in the EEA is as follows:
Hitachi Construction Machinery (Europe) N.V.
[Physical Address: Sicilieweg 5, 1045 AT Amsterdam, The Netherlands]
II. PURPOSE AND LEGAL BASIS FOR WHICH WE WILL USE YOUR PERSONAL DATA
We have set out below, in a table format, a description of purposes for which we plan to use your personal data, and which legal basis we rely on to do so. We have also identified what our legitimate interests are where appropriate.
||Lawful basis for processing including basis of legitimate interests
|Provision of services relating to our products including Global e-Service and ConSite, and of information thereon
||Legitimate interests (provision of services to our business customers)
|Delivery and/or sending of newsletters and e-mail newsletters, etc.
||Legitimate interests (provision of information regarding products and services, and business development)
|Running seminars and events, etc. and delivery and/or sending of notice thereof
||Legitimate interests (provision of information regarding products and services, and business development)
|Carrying out questionnaires, surveys and statistics, etc.
||Legitimate interests (market research, improvement of products and services, and business development)
|Response to inquiries
||Legitimate interests (provision of information regarding products and services, and business operations)
|Performance of duties under laws, regulations and norms other than the EU legislations and domestic laws of the member states of EEA , including, in the case of responding to a court order to submit documents, responding to questions and examinations conducted by officers of tax authorities and answering to investigation-related inquiries]
||Legitimate interests (compliance with obligations under laws, regulations and norms of the countries other than of the EEA countries)
III. CATEGORY OF RECIPIENTS
We may share your personal data with the parties set out in 5(2) above for the purposes set out in II above. We require all third parties to respect the security of your personal data and to treat it in accordance with applicable regulations.
IV. PERSONAL DATA TRANSFER OUTSIDE THE EEA
HITACHI and many of the HITACHI group companies are established in countries outside the EEA. Certain HITACHI group companies are also established within the EEA.
If a HITACHI group company within the EEA transfers your data outside the EEA then we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- We will use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
Where you provide your personal data directly to HITACHI in Japan or to another HITACHI group company outside the EEA then your data will be handled in accordance with the protections set out in this policy. Please note, however, that Japan and such other countries outside the EEA have different laws and levels of protection for personal information and may not, from the perspective of the European Commission and European Union law, provide adequate protection for personal information, which can result in additional risks to your personal data arising.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
V. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or accounting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you
VI. YOUR LEGAL RIGHT
Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:
- Request access to your personal data
- Request correction of your personal data
- Request erasure of your personal data
- Request restriction of processing your personal data
- Object to processing of your personal data
- Request transfer of your personal data
- [Right to withdraw consent]
If you wish to exercise any of the rights set out above, please contact us.
You will not have to pay a fee to exercise any of the other rights. However, we may refuse to comply with your request if your request is clearly unfounded, repetitive or excessive.
We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You have also the right to make a complaint at any time to the relevant data protection supervisory authority. A list of the supervisory authorities is available here:
We would, however, appreciate the chance to deal with your concerns before you approach the authority so please contact us in the first instance.
VII. IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services).
VIII. About Usage of Cookies and Web Beacons
With regard to the usage of cookies and web beacons, please refer to information that is stated in “About Usage of Cookies and Web Beacons” above.
The Use and Appropriate Management of Personal Data
Hitachi Construction Machinery Group handles its own technical information and information received from our customers. We are working to establish and maintain the organization for data governance on high priority in Hitachi Construction Machinery Group in global under the supervision of the Chief Information Security Officer appointed by the President and Executive Officer & CEO.
Specifically, we train our employees and business partners on proper handling of data security, data protection and privacy, and conduct regular self-audits on them. In addition, we are promoting measures such as the consolidation of mission-critical systems, migration to virtual servers and cloud computing, and server robustness in preparation for damage from cyber-attacks and natural disasters. For our all companies, we are striving to strengthen information security management based on the Global Information Security Management Regulations in accordance with the international standard ISO/IEC 27001.
With the rapid development and spread of ICT and IoT in recent years, service solutions that utilize data are attracting customers’ attention in the construction and mining equipment industry. We provide high quality services to customers in the global market through “Global e-Service” and “ConSite” to support the stable operation of customer’s construction and mining machineries.
In Europe and other countries and regions around the world, various regulations regarding data protection and privacy are being discussed and are rising. Hitachi Construction Machinery Group recognizes that the operating data collected from construction and mining machineries is also important personal data entrusted to us by our customers, and we are working to ensure the protection of personal data in each country where we do business.
Hitachi Construction Machinery Group will continue to comply with “Act on the Protection of Personal Information” in Japan as well as the privacy and data protection laws and regulations of each country and region, and will also strive to respect the personal data of our customers to the maximum extent possible, and act appropriately as a member of society.