TORAY PRIVACY STATEMENT
PLEASE READ THIS PRIVACY STATEMENT CAREFULLY
1. OUR PRIVACY STATEMENT
The protection of your personal data is of great importance to Toray Group worldwide and in particular the affiliates of TORAY Industries Co. Ltd., Japan in the EU (such European entities jointly “TORAY”). TORAY is committed to protecting the personal data that you share with us. This Privacy Statement (the “Privacy Statement”) therefore intends to inform you about how TORAY, acting as data controller, collects, uses and shares your personal data. We also act as data controller when we process your personal data received or obtained through third-parties.
This Privacy Statement only applies to the data processing procedures for the websites of TORAY (the “Websites”), and information submitted through contact forms on our Websites and emails sent to TORAY. Other websites of TORAY’s affiliate companies (TORAY and its affiliates jointly “TORAY Group”) outside of the EU are not covered by this Privacy Statement and they will provide their own specific data protection statements/policies.
By using our Websites, you consent to the collection and use of your personal data as described in this Privacy Statement. You also acknowledge that TORAY may periodically change, update or remove this Privacy Statement at its sole discretion.
We process this personal data in accordance with the applicable EU and Member State regulations on data protection, the most notable of which is, the General Data Protection Regulation No 2016/679 (the “GDPR”).
We encourage you to read this Privacy Statement carefully. If you do not wish your personal data to be used by us as set out in this Privacy Statement, please do not provide us with your personal data. Provision of your personal data is voluntary, and you are not required by law or contract to provide your personal data to us. However, please note, that if you elect not to provide your personal data, we may not be able to provide you with our services, you may not have access to and/or be able to use some features of the Websites, and your customer experience may be impacted.
2. HOW DO WE USE YOUR PERSONAL DATA?
We process personal data only if you provide such data to us of your own accord (e.g. by registering, making a contact request, filling in forms or sending emails).
The legal basis for processing data is our legitimate interest pursuant to point (f) of Article 6(1) GDPR in promoting a better customer experience and effectively responding to your personal needs. For example, we use your data for gathering statistical data, etc. necessary to carry out publicity and investor relations activities, providing information and services to shareholders, our business management and internal management. If your contact to us is aimed at entering into a contract, the additional legal basis for the processing is point (b) of Article 6(1) GDPR. If processing is necessary for compliance with a legal obligation to which the controller is subject, the additional legal basis for the processing is point (c) of Article 6(1) GDPR. We will always process your personal data based on one or more of the legal basis provided for in the GDPR (Articles 6 and 7).
Please be aware that, where we process your personal data based on your consent, you are entitled to withdraw your consent at any time, and you can do so without affecting the lawfulness of processing based on your consent before the withdrawal.
We will process your data for these specified, explicit and legitimate purposes only, and will not further process the data in a way that is incompatible with these purposes. If we intend to process personal data originally collected for one purpose in order to attain other objectives or purposes, we will ensure that you are informed of this. We will keep your personal data for as long as it is necessary for us to comply with our applicable legal obligations, to ensure that we provide an adequate service, and to support our business activities.
3. WHAT TYPES OF PERSONAL DATA DO WE USE?
When you access our website on your device, our server automatically collects certain browser- or device-generated information (so called server log files):
- date and time of access
- duration of visit
- your operating system
- volume of data sent
- type of access
- IP address
- domain name
- browser information including version and language setting
We process this data on the basis of GDPR Article 6 (1) point f, as they are required for us to provide the service, to enhance customer experience, and to ensure technical operation and to investigate and remove malfunctions. It is in our interest to ensure the use and technical operability of our website. This data is automatically processed when our website is accessed. Unless they are provided, you cannot use our services. We usually erase these data after one year at the latest, unless, under exceptional circumstances, we need them for a longer period for the above-mentioned purposes. In such a case we erase the data as soon as they are no longer required for the relevant purpose.
- your name (required)
- your e-mail address (required)
- the content of your message
- the company you’re working for and the department (optional)
- your address or the address of the company you’re working for (optional)
- your phone number (optional)
- date and time of your message
The collected data will not be automatically disclosed to third parties. We only use this data to reply to your enquiry as soon as possible. For getting back to you, we will use either your e-mail address or your phone number. IP-addresses are collected to prevent misuse of our Websites.
The legal basis of the data processing is our legitimate interest pursuant to Art. 6(1)(f) GDPR for the purposes of ensuring a dialog between our (potential) customers and ourselves, as well as providing a high-quality customer experience.
4. HOW DO WE SHARE YOUR PERSONAL DATA?
We may share your personal data with other entities of TORAY Group, within the scope of the purposes for such information sharing set forth below. Personal data that can be shared:
- your name
- your e-mail address
- the content of your message
- the company you’re working for and the department
- your address or the address of the company you’re working for
- your phone number
- date and time of your message
Persons with whom the personal data can be shared:
All direct and indirect subsidiaries of TORAY Industries, Inc., Tokyo, Japan. A list of the companies of the TORAY Group can be found here: http://www.toray.eu/europe/group/
Purpose of the information sharing:
To provide customers with products and services related to our business and with information about those products and services; and to carry out research and development of new products and services.
If we share your data with a data processor, we will put the appropriate legal framework in place in order to ensure that such transfer and processing are secure (Articles 26, 28 and 29 GDPR). Furthermore, if we share your data with any entity outside the EEA, we will put appropriate legal frameworks in place, notably controller-to-controller (2004/915/EC) and controller-to-processor (2010/87/EU) Standard Contract Clauses approved by the European Commission, in order to make sure that such transfers are sufficiently protected (Article 44 GDPR).
Legal Comp liance and Security
If we are compelled by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence, it may be necessary for us to disclose your personal data. We may also disclose your personal data if we determine that, for the purposes of national security, law enforcement, or other issues of public importance, the disclosure is necessary or appropriate.
We may also disclose your personal data if we determine in good faith that disclosure is reasonably necessary to protect our rights and to pursue available remedies, enforce our terms and conditions, investigate fraud, or to protect our operations or users.
Such disclosures may involve transferring your personal data out of the European Union to Japan. Such transfer may take place for employee or business management purposes by the Company. For each of these transfers, we make sure that we provide an adequate level of protection over the data transferred, specifically by entering into standard contract clauses as defined by the European Commission decisions 2001/497/EC, 2002/16/EC, 2004/915/EC and 2010/87/EU.
We will not use your personal data for online marketing purposes unless you have expressly consented to such use of your personal data.
5. OUR RECORDS OF DATA PROCESSES
We handle records of all of our processing of personal data in accordance with the obligations established by the GDPR (Article 30), both where we might act as a controller or as a processor. In these records, we reflect all the information necessary in order to comply with the GDPR and cooperate with the supervisory authorities as required (Article 31 GDPR).
6. SECURITY MEASURES
We process your personal data in a manner that ensures their appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage. We use appropriate technical or organisational measures designed to implement data-protection principles in an effective manner, and we integrate the necessary safeguards into the processing to achieve this level of protection (Article 25(1) and 32 GDPR).
Our Websites are cryptographically secured using Secure Socket Layer-encryption (SSL). This ensures a safe communication between the browser and the server as well as a safe data transfer. If a website is using this encryption, it can be easily spotted by checking its URL. If it starts with “https://”, it is using named encryption.
In case your browser is not compatible with the SSL-encryption, please make sure to download the latest version of a compatible browser.
We will retain your personal information for as long as it is necessary to fulfill the purposes outlined in this Privacy Statement, unless a longer retention period is required or permitted by law.
7. NOTIFICATION OF DATA BREACHES TO THE COMPETENT SUPERVISORY AUTHORITIES
In case of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we have the mechanisms and policies in place in order to identify it and assess it promptly. Depending on the outcome of our assessment, we will make the requisite notifications to the supervisory authorities and communications to the affected data subjects, which might include you (Articles 33 and 34 GDPR).
8. PROCESSING LIKELY TO RESULT IN HIGH RISK TO YOUR RIGHTS AND FREEDOMS
We have mechanisms and policies in place in order to identify data processing activities that may result in high risk to your rights and freedoms (Article 35 GDPR). If any such data processing activity is identified, we will assess it internally and either halt it or ensure that the processing is compliant with the GDPR or that appropriate technical and organizational safeguards are in place in order to proceed with it. We may from time to time conduct a data protection impact assessment, especially when we contemplate implementing a new data processing method utilizing new technologies.
In case of doubt, we will contact the competent Data Protection Supervisory Authority in order to obtain their advice and recommendations (Article 36 GDPR).
9. YOUR RIGHTS
You have the following rights regarding personal data collected and processed by us.
Information regarding your data processing: You have the right to obtain from us all the requisite information regarding our data processing activities that concern you (Articles 13 and 14 GDPR).
Access to personal data: You have the right to obtain from us written confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain related information such as the purpose of the processing and the categories of personal data concerned (Article 15 GDPR).
Rectification or erasure of personal data: You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay, and to complete any incomplete personal data (Article 15 GDPR). You may also have the right to obtain from us the erasure of personal data concerning you without undue delay, when certain legal conditions apply (Article 17 GDPR).
Restriction on processing of personal data: You may have the right to obtain from us the restriction of processing of personal data, when certain legal conditions apply (Article 8 GDPR).
Object to processing of personal data: You may have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, when certain legal conditions apply (Article 21 GDPR).
Data portability of personal data: You may have the right to receive your personal data in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without our hindrance, when certain conditions apply (Article 20 GDPR).
Not to be subject to automated decision-making: You may have the right not to be subject to automated decision-making (including profiling) based on the processing of your personal data, insofar as this produces legal or similar effects on you, when certain conditions apply (Article 22 GDPR).
If you intend to exercise such rights, please refer to the contact section below.
If you are not satisfied with the way in which we have proceeded with any request, or if you have any complaint regarding the way in which we process your personal data, you may lodge a complaint with your local Data Protection Supervisory Authority. A list with the contact details of the respective Data Protection Supervisory Authorities can be found here: https://edpb.europa.eu/about-edpb/board/members_en
You can also lodge your complaint with the relevant Lead Data Protection Supervisory Authority for the TORAY, which is as follows:
Landesbeauftragter für Datenschutz und Informationsfreiheit des Landes Hessen
Prof. Dr. Michael Ronellenfitsch
P. O. box 3163
phone: +49 611 1408 – 0
fax: +49 611 1408 – 611
Our products and services are intended for adult customers. Thus, we do not knowingly collect and process information on children under sixteen (16). If we discover that we have collected and processed the personal data of a child under sixteen (16), or the equivalent minimum age depending on the concerned jurisdiction, we will take steps to delete the information as soon as possible. If you become aware that a child under sixteen (16) has provided us with personal data, please contact us immediately by using the contact address specified in Section 13 of this Privacy Statement.
11. LINKS TO OTHER SITES AND THIRD PARTY SERVICES
We may propose hypertext links from the Websites to third-party Websites or Internet sources. We do not control and cannot be held liable for third parties’ privacy practices and content. Please read carefully their privacy policies to find out how they collect and process your personal data.
On certain individual webpages of our Websites, we use the Google Maps API provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This service lets us show you where our sites are located and makes it easier for you to get there.
When Google Maps is embedded in a webpage, your IP address is transmitted directly to Google as soon as you visit such a webpage, and a cookie is stored. You can obtain information about, and opt out of, data processing by Google anytime at: http://policies.google.com/privacy?hl=en&gl=de.
12. UPDATES TO PRIVACY STATEMENT
We shall observe all applicable laws, regulations, guidelines and any other standards related to the handling of Customer's Personal Information, and shall periodically review and improve this Privacy Statement as provided above. We may revise or update this Privacy Statement in our sole discretion from time to time. Any changes to this Privacy Statement will become effective upon the posting of the revised Privacy Statement via the Services. If we make changes which we believe are significant, we will inform you through the Websites to the extent possible and seek your consent where applicable.
If you have any further queries and complaints regarding data protection in connection with our Websites or the services offered, please contact our internal data protection supervisor or our data protection officer.