Handling of Customers' Personal Information
Created: April 1, 2005
Updated: April 1, 2017
THK CO., LTD.
CEO Akihiro Teramachi
Our business is built on our dealings with stakeholders: our customers, of course, but also our shareholders and investors, business partners, and employees.
Managing and protecting the personal information and privacy of our stakeholders is crucial to earning their trust and building long-term positive relationships.
To this end, we have adopted the following basic guidelines for handling personal information and will manage and protect all personal information as stated here.
1. We will abide by all applicable laws and regulations concerning the handling of personal information, make all employees and others involved aware of the importance of protecting personal information, establish rules to ensure correct handling, implement these rules without fail, and continuously improve our processes.
2. We will establish suitable systems for the protection of personal information, taking into account the size and nature of operations in different departments, and handle the collection, use, provision (including provision to subcontractors), disclosure, amendment, suspension of use, and deletion of personal information appropriately and in line with the specified provisions.
3. We will implement safety measures, including information security measures, to ensure the integrity and safety of personal information, and make constant efforts to prevent unauthorized access to or loss, destruction, falsification, leaking, etc. of personal information.
Updated: June 22, 2020
Please see below for information regarding the personal information we collect ("Personal Information"): the purpose of use, specific details of how it is handled, and how to contact us with inquiries.
1. Personal Information We Collect
1-1. How we use your information
We only collect Personal Information where necessary to inform our business objectives or where needed to carry out business activities, and this Personal Information is used for the following purposes.
- Requests to do business with customers and business partners, internal confirmation of business activities with customers and other associated parties, evaluating and deciding on these business activities, entering into agreements, fulfilling, managing, and terminating agreements, and procedures after contract termination
- Providing information about our products and services or those of our group companies
- Checks and inquiries for products and services provided to our business partners
- Publicizing and confirming attendance for our seminars, exhibitions, etc., or those held by our group companies, communicating with speakers, sending reports to people who attended events or took part in surveys
- Confirming visits and entry to our premises
- Sending our publications to people who request them, and sending emails to people who sign up to our email service
- Asking customers to fill out customer satisfaction surveys
- Responding to inquiries or requests from customers and business partners
- Exercise of our shareholders' rights and fulfillment of our obligations under company law, as well as implementing various other measures to ensure effective communication with our shareholders, properly identifying our shareholders and promoting mutual understanding including through the creation of standards-compliant data as stipulated by relevant laws and regulations
- Communicating with employees of affiliated organizations and providing information that meets their objectives
- Communicating our research and development activities to members of research institutions, discussion of matters subject to (1) above under joint development agreements or development contracts, attendance at research meetings, and nomination for academic prizes
- Patent applications and management of patent applications with joint applicants
- Communicating with journalists, analysts, etc. for PR activities
- Receiving job applications when recruiting, communicating with applicants, notifying success/failure of applications, etc.
- Communicating with certified public accountants, lawyers, patent attorneys, etc. as required in the course of our business activities
- Communicating with group companies for business activities other than the above
- Notices to retired employees and other parties
- Communicating with the families of our employees
- Sharing of information for contracts and as necessary for business activities with subcontractor workers, contract employees, dispatched employees, part-time employees, and temporary employees
- Information provision from our company and our group companies incidental to the purposes of use described above
Note: Group companies are companies inside or outside Japan in which we directly or indirectly hold 20% or more of total shareholder voting rights.
1-2. Subcontracting to third parties
To ensure the smooth operation of the business, we may subcontract certain activities to third parties inside or outside Japan and entrust them with the Personal Information required to carry out these activities, only as required for the stated purpose. In such cases, we select the third party only after verifying that they handle Personal Information appropriately, enter into an agreement for handling Personal Information, and ensure that they are appropriately monitored.
1-3. Joint use
We sometimes make joint use of Personal Information together with our group companies, agents, dealerships, and vendors. In such cases, Personal Information subject to joint use will be limited to the individual's name, place of work, home and business addresses, phone number, fax number, and email address, and its use will be limited to providing information on joint products and services and announcements for joint seminars, exhibitions, etc. We are responsible for managing Personal Information subject to joint use.
Note: Agents and dealerships are companies that have entered into agreements with us and are allowed to present themselves as our agents or dealerships, and vendors are companies other than agents or dealerships who are directly authorized by us to sell our products.
1-4. Use for other purposes
If it becomes necessary to use Personal Information for purposes other than those described in "1-1. How we use your information", the individual will be notified or the use will be publicly announced or put in a format readily accessible to the individual, except where the individual has already given permission or where required by law. Changes to how we use Personal Information will only be made to the extent that there is reasonably acknowledged to be a connection with the previous purposes.
1-5. Provision of personal information to third parties
We will not provide Personal Information to third parties except in the following circumstances.
- Where the individual has consented
- When sharing statistical or other data that does not contain information that is personally identifiable
- When providing Personal Information to subcontracted third parties when subcontracting certain business activities to third parties, to the extent required to carry out the business activities, and only as required for the stated purpose (see 1-2. "Subcontracting to third parties")
- When using Personal Information jointly with group companies, agents, dealerships or vendors, only as required for the stated purpose (see 1-3. "Joint use")
- When providing Personal Information in connection with a business succession due to a merger or for other reasons
- When providing Personal Information to a third party located in a foreign country (who has established a system that complies with the standards set forth in the Act on the Protection of Personal Information)
- As required by law
- Where it is difficult to get permission from the individual, but providing the information is necessary to preserve life, ensure personal safety or protect property
- Where it is difficult to get permission from the individual, but providing the information is essential to improving public health or promoting sound child development
- Where required to assist national agencies, regional public bodies or their representatives in the course of carrying out their duties as defined by law, and where obtaining permission from the individual might obstruct said duties
2. Measures Taken for Security Management
We will take the following measures to ensure that Personal Information held by us is securely managed.
- To ensure the proper handling of Personal Information, we have established basic policies for compliance with relevant laws, regulations, guidelines, etc. and contact points for handling questions and complaints.
- We have established rules for handling Personal Information regarding the handling method, persons in charge, and their duties for each stage of acquisition, use, storage, provision, deletion, disposal, etc.
- In addition to appointing a person responsible for matters pertaining to the handling of Personal Information, we have also defined which specific employees will handle Personal Information as well as the scope of the Personal Information that said employees will handle. We have also established a system for reporting and communicating to the responsible persons in the event that we identify any indications or actual violations of laws or handling regulations.
- Regular training is provided to employees on matters that are considered related to the handling of Personal Information.
- In areas where Personal Information is handled, we take measures to control the entry and exit of employees to and from such spaces, restrict which equipment may be brought in, and also take measures to prevent unauthorized persons from viewing said Personal Information.
- We have implemented access controls to limit the scope of responsible persons and the scope of the personal information database that handles said Personal Information.
- We have introduced a mechanism to protect information systems that handle Personal Information from unauthorized external access or unauthorized software.
- We have implemented security management measures formed around an understanding of systems related to the protection of personal information found in countries outside of Japan where Personal Information is stored.
3. Procedures for Disclosure, Amendment, Suspension of Use, Deletion, etc. of Personal Information
2-1. Requests for disclosure, amendment, suspension of use, deletion, etc. of Personal Information
Please use the specified form for requesting disclosure, amendment, suspension of use, deletion, etc. of Personal Information (download the form from the following link and print out to use: [Link] ), fill in the required fields, attach one piece of personal identification (copy of official document such as driving license or passport) for the individual concerned ("Personal ID"), and send it to the address below together with return postage. Writing "Enc. request for disclosure" in red on the envelope will help us expedite your request.
Alternatively, if information was registered through our site by our technical support or email newsletter staff, requests for disclosure, amendment, suspension of use, deletion, etc. of Personal Information can be made as specified on the site, subject to our ability to properly confirm that the requester is the individual concerned.
Personal Information Protection Officer
Risk Management Office, THK Co., Ltd.
2-12-10 Shibaura, Minato-ku, Tokyo
2-2. Requests for disclosure, amendment, suspension of use, deletion, etc. of Personal Information made by a representative
Anyone requesting disclosure, amendment, suspension of use, deletion, etc. of Personal Information must be a legal representative of the individual concerned, or if charged with requesting disclosure, amendment, suspension of use, deletion, etc. of Personal Information by the individual concerned and acting as their representative, must enclose Personal ID with the request along with the other documents listed below.
- If a legal representative (both documents listed below are required.)
- One document proving status as a legal representative (for minors, copy of entire Japanese family register (copy of health insurance document showing the individual concerned is a dependent is acceptable if the representative has parental authority), or for adult wards, a copy of document proving registered details)
- One document proving the identity of the legal representative (copy of official document such as driving license or passport belonging to the legal representative)
- If appointed to represent the individual (both documents listed below are required.)
- When requesting disclosure, amendment, suspension of use, deletion, etc. of Personal Information, one document proving that the individual concerned has delegated the request, stamped with their registered seal (letter of attorney or equivalent)
- One seal registration certificate for the individual concerned
2-3. Fees for requests for disclosure, amendment, suspension of use, deletion, etc. of Personal Information
There is no charge for these requests. However, the requester is responsible for postage (including return postage).
2-4. Response to requests for disclosure, amendment, suspension of use, deletion, etc. of Personal Information
We will reply by post to the address given by the requester on the request form.
2-5. Reasons for not disclosing retained Personal Information
We will not disclose personal information in the following cases. If we decide not to disclose information, we will communicate that decision along with the reason why.
- Where the individual cannot be positively identified, for example if the address on the request form or the Personal ID does not match the address we hold
- Where authority as a representative cannot be verified in the case of a request from a representative
- Where there is insufficient information, for example omissions in the specified request form
- Where we do not hold the Personal Information subject to a request for disclosure, etc.
- Where doing so might involve a risk to the life, personal safety, property, or other right or benefit of the individual concerned or a third party
- Where doing so might seriously obstruct the appropriate performance of our business activities
- Where doing so would violate other laws or regulations
4. Contact for Questions About Personal Information
If you have any questions about our personal information protection policy or how we protect personal information, suggestions for improvements to our safeguarding of personal information, or if you want to talk to someone about requesting disclosure, amendment, suspension of use, deletion, etc. of Personal Information, please contact our personal information handling service at the contact details given below. Please note that we cannot accept requests in person at our offices.
Personal Information Handling Service
Office hours: Weekdays 9:00 am - 5:00 pm
Personal Information Protection Officer
Risk Management Office, THK Co., Ltd.
Tel: +81 3-5730-3896 Fax: +81 3-5730-3915
5. Use of Personal Information on Our Site
- Cookies, web beacons and IP addresses
On our site, cookies, web beacons and IP addresses are used for the purposes listed below. Users can disable our cookies and web beacons by disabling cookies in their browser settings, but this may prevent use of some or all functionality on web pages.
- To identify and resolve causes of server failure or other server issues
- To improve site and email content
- To customize site and email content for individual users
- For members-only services where personal information has already been registered, browsing history, questionnaire responses, etc. are used for marketing purposes
- To use anonymized information for statistics
Users can disable Google Analytics in browser add-on settings, preventing Google Analytics from collecting their data. Google Analytics can be disabled by downloading the "Google Analytics Opt-out Browser Add-on" from the Google opt-out browser add-on download page, installing the add-on, and configuring the browser add-on settings. If a user disables Google Analytics, it will disable Google Analytics on all sites and not just ours, but it can be re-enabled at any time by changing browser add-on settings.
Google Analytics Terms of Service:www.google.com/analytics/terms/us.html
Google Analytics Opt-out Add-on:https://tools.google.com/dlpage/gaoptout?hl=en
Note: "Google Analytics" is a registered trademark of Google.
We have no liability or responsibility for the protection of Personal Information on websites that are linked from our site. Please direct any questions or inquiries about the handling of Personal Information on other websites directly to the site owners.
Our "Handling of Customers' Personal Information" policy may be updated in accordance with changes to the law, etc. Updates will be incorporated on this page, and notifications about important updates will be posted separately on our website.
If you have any questions about the information listed here, please contact us using our Contact Form.
UPDATE: June 22, 2020
- THK CO., LTD.
- THK INTECHS CO., LTD
- Talk System CO., LTD.
- THK RHYTHM CO., LTD.
- THK Europe B.V.
- THK GmbH
- THK France S.A.S.
- THK Manufacturing of Europe S.A.S.
- THK Manufacturing of Ireland Ltd.
2. Processing of Your Personal Data
We may collect and process your personal data for the following purposes:
Purpose: Provision and receipt of products and services between Company Group and business partners (including customers and suppliers) and communication of the products and services.
We may have legitimate interest in collecting, directly or/and indirectly, and processing your personal data for the purposes, which is required to offer to customers the products and services of the Company Group, to receive from suppliers the products and services of suppliers and to ensure communication with business partners regarding relevant matters for conducting the business.
Purpose: Introduction of products and services, sending greeting cards
We may have legitimate interest in collecting, directly or/and indirectly, and processing your personal data for the purposes, which is required to introduce our products and services to customers, and to send greeting cards.
Purpose: Response to and management of queries from customers
We may have legitimate interest in collecting, directly or/and indirectly, and processing your personal data for the purposes, which is required to respond to and manage customers' queries, handle their requests and provide technical support when needed.
Purpose: General Operations
We may have legitimate interest in collecting, directly or/and indirectly, and processing your personal data for the purposes, which is required to organize and conduct business, exchange essential information with interested parties and operate management systems.
Purpose: Human Resources and labor management of employees of Company Group
We may have legitimate interest in collecting, directly or/and indirectly, and processing your personal data for the purposes, which is required to ensure functioning of our relationship with our employees, deal with their requests, fulfill our obligations towards them, e.g. salary, bonus, maternity leave, holiday, company cars, entry cards etc.
Purpose: Operations and management of information systems of Company Group
We may have legitimate interest in collecting, directly or/and indirectly, and processing your personal data for the purposes, which is required to organize and operate the Company Group's information system, e.g. data backup, technical trainings, handle technical problems etc.
If you would like to further access to more detailed information, such as more specific purposes and legal basis in accordance with GDPR (Article 13 or 14), please click here .
We will process your personal data for all these legitimate purposes listed above as well as further detailed purposes indicated on the webpage accessible from here , and will not further process your personal data in a way that is incompatible with these purposes. If we intend to process personal data originally collected for one purpose in order to attain other objectives or purposes, we will ensure that you are informed of such processing purposes.
We may process your personal data based on legal obligation, as indicated on the webpage accessible from here .
We may process your sensitive personal data based on your consent, as indicated on the webpage accessible from here . Please be aware that you are entitled to withdraw your consent at any time without affecting the lawfulness of processing based on your consent before withdrawal thereof.
We will keep your personal data only for as long as it is necessary for us to comply with our legal obligations to ensure that we provide an adequate service, and to support its business activities (Article 5 and 25(2) GDPR).
3. Sharing of Your Personal Data
We may share your personal data with Company Group entities and with third parties in accordance with the GDPR. If we share your personal data with a service provider (processor), we will establish the appropriate legal framework in order to cover such transfer and processing (Articles 26, 28 and 29 GDPR). Furthermore, if we share your personal data with any entity outside the EEA, we will establish appropriate legal frameworks, notably controller-to-controller (2004/915/EC) and controller-to-processor (2010/87/EU) Standard Contract Clauses approved by the European Commission, in order to cover such transfers (Articles 44 GDPR).
The categories (and some examples of each category) of recipients of your personal data are specified bellow in accordance with the requirement under the GDPR.
Strategic Partners (controller)
Your personal data may be transferred to, stored and further processed by our strategic partners that work with us to provide our products and services or help us conduct business with you and provide assistance with managing our relationship with our employees. We may currently share your personal data with the following categories of strategic partners:
accounting services (Sweden, France Germany), insurance services (Germany, France), legal services (Italy), IT services (Germany, USA, Japan), public authorities (Germany, France, Switzerland, Netherlands) risk consulting services (UK, Germany, France), travel agencies (Germany), tax offices (France, Netherlands), business companies (France, Germany ,Japan), mover custom clearance (France), suppliers(Germany, France, UK), leisure companies (France, Germany), web hosting services/website services (Japan, USA), fire/rescue services (France), payroll services (Italy), manufacturing companies (Japan, China), pension services company (Japan), commercial service companies, warehouse/transfer companies (Germany), sales companies (Switzerland, Germany), parcel/forwarding services (Germany , Netherlands)
Service Providers (processors)
We may share your personal data with companies which provide services on our behalf, such as printing services (Germany) and IT system operational assistance (Germany).
Corporate Affiliates and Corporate Restructuring
We may share your personal data with all affiliates in the Company Group. In the event of a merger, reorganization, acquisition, joint venture, assignment, spin-off, transfer, or sale or disposition of all or any portion of our business, including in connection with any bankruptcy or similar proceedings, we may transfer any and all personal data to the relevant third party.
Legal Compliance and Security
In some instances, it will become necessary for the Company Group to disclose your personal data in accordance with law, legal proceedings, litigation, or requests from public and governmental authorities within or outside your country of residence. We will also disclose your personal data if we determine that, due to purposes of national security, law enforcement, or other issues of public importance, the disclosure is necessary or appropriate.
In some instances, the disclosures stated above will involve transferring your personal data out of the EEA to the following countries:
Japan, Turkey, USA, China, Vietnam. Those transfers are conducted for the following purposes: (i) general business operations; (ii) human resources; (iii) IT system development; (iv) IT system operational assistance; (v) planning for new companies and (vi) webhosting services.
For each of these transfers, we provide an appropriate level of protection for the data transferred, in particular by entering into controller-to-controller (2004/915/EC) and controller-to-processor (2010/87/EU) standard contract clauses.
4. Company Group's Records of Data Processes
We handle records of all processing of your personal data in accordance with the obligations established by the GDPR (Article 30), both when we might act as a controller or as a processor. In these records, we reflect all the information necessary in order to comply with the GDPR and cooperate with the supervisory authorities as required (Article 31).
5. Security Measures
We process your personal data in a manner that ensures their appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage. We use appropriate technical or organizational measures to achieve this level of protection (Article 25(1) and 32 GDPR).
6. Notification of Data Breaches to the Competent Supervisory Authorities
In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we have the mechanisms and policies in order to identify it and assess it promptly. Depending on the outcome of our assessment, we will make the requisite notifications to the supervisory authorities and communications to the affected data subjects, which might include you (Articles 33 and 34 GDPR).
7. Processing Likely to Result in High Risk to Your Rights And Freedoms
We have mechanisms and policies in order to identify data processing activities that may result in high risk to your rights and freedoms (Article 35 GDPR: Data Protection Impact Assessment). If any such data processing activity is identified, we will assess it internally and either stop it or ensure that the processing is compliant with the GDPR or that appropriate technical and organizational safeguards are in order to proceed with it.
In case of doubt, we will contact the competent Data Protection Supervisory Authority in order to obtain their advice and recommendations (Article 36 GDPR).
8. Your Rights
You have the following rights regarding your personal data collected and processed by us.
- Information regarding processing or your personal data: You have the right to obtain from us all the requisite information regarding our data processing activities that concern you (Articles 13 and 14 GDPR).
- Access to your personal data: You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, if so, then access to your personal data and certain related information (Article 15 GDPR).
- Rectification or erasure of your personal data: You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay, and to complete any incomplete personal data (Article 16 GDPR). You may also have the right to obtain from us the erasure of personal data concerning you without undue delay, when certain legal conditions apply (Article 17 GDPR).
- Restriction on processing of your personal data: You may have the right to obtain from us the restriction of processing of personal data concerning you, when certain legal conditions apply (Article 18 GDPR).
- Object to processing of your personal data: You may have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, when certain legal conditions apply (Article 21 GDPR).
- Data portability of your personal data: You may have the right to receive your personal data in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without our hindrance, when certain legal conditions apply (Article 20 GDPR).
- Not to be subject to automated decision-making: You may have the right not to be subject to automated decision-making (including profiling) based on the processing of your personal data, in so far as this produces legal or similar effects on you, when certain legal conditions apply (Article 22 GDPR).
- Withdrawal of your consent: You may withdraw your consent at any time without affecting the lawfulness of processing based on your consent before withdrawal thereof.
If you intend to exercise such rights, please refer to the contact section below.
If you are not satisfied with the way in which we have proceeded with any request, or if you have any complaint regarding the way in which we process your personal data, you may lodge a complaint with a Data Protection Supervisory Authority.
Our products and services are intended for adult customers. Thus, we do not knowingly collect and process any personal data of children under sixteen (16). If we discover that we have collected and processed the personal data of a child under sixteen (16), or the equivalent minimum age depending on the concerned jurisdiction, we will take steps to delete the personal data as soon as possible.
10. Links to Other Sites
We may propose hypertext links from our websites to third-party websites or Internet sources. We do not control and cannot be held liable for third parties' data protection practices and content. Please read carefully their privacy policies to find out how they collect and process your personal data.
The contact details of the Data Protection Officer are as follows:
Cookies are small text files that are placed on your computer or mobile phone when you visit a website. They are widely used in order to make websites work or to work more efficiently.
Web beacons are extremely small images that are embedded in a web page or an email formatted in HTML. It is used to convey to a server that a user has accessed that web page or read that email.
IP addresses are discrete strings of digits that are assigned to an individual computer for the purpose of identifying that computer. It is used to specify the transmission source and recipient when sending and receiving data.
- To track down and resolve errors and problems that arise in servers
- To improve the contents of websites, email, etc.
- To customize the contents of websites, email, etc. for individual users
- To use in marketing activities the browsing history details and survey results in membership services for which you register personal information in advance
- To use as statistical data in a form that does not identify individuals
Most browsers allow you to manage your cookies preferences by changing your browser settings. You can set your browser to do the following: (i) automatically accept or refuse all cookies; (ii) automatically accept or refuse first-party cookies and/or third party cookies; or (iii) notify you before any cookies are set on your terminal equipment so that you have the opportunity to accept or refuse those cookies.
- Chrome ( https://support.google.com/chrome/answer/95647?hl=en )
- Microsoft Edge ( https://support.microsoft.com/en-us/help/4027947/microsoft-edge-delete-cookies )
- Internet Explorer ( https://windows.microsoft.com/en-US/windows-vista/Block-or-allow-cookies
- Mozilla Firefox ( https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
- Safari ( https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
In addition, you can visit www.aboutcookies.org , which contains comprehensive information on how to do this on a wide variety of browsers.
Moreover, you can use another online service enabling you to manage the advertising cookies set in your devices: https://www.youronlinechoices.com/
Please note that if you block cookies, your experience on our websites will be impacted in that case as we will not be able to provide you with full access to all functions and contents of our websites.
Google Analytics Terms of Service:www.google.com/analytics/terms/us.html
Google Analytics Opt-out Add-on:tools.google.com/dlpage/gaoptout?hl=en
*"Google Analytics" is a registered trademark of Google.
Retention period for cookies
We consider your consent to cookies valid for a maximum period of 26 months. When that period of time elapses, we will ask for your consent again.