TORAY privacy statement for customer

 We, Toray Industries, Inc. and our direct and indirect subsidiaries (jointly the “Toray Group”) [a full list of all entities pertaining to the Toray Group, also showing the relevant contact information, can be found here, each of us being a controller for the data we collect, jointly forming the Toray Group, collectively use your information to manage and track our marketing efforts. Such information may be typically collected, when you exchange business cards with our staff during business meetings, at trade fairs or similar occasions or when you communicate with us, e.g. by email or by letter or through a contact form on one of our websites.

 

The data we collect/process

We may collect and store (or otherwise process):

  • the name of your company including your parent department or company, if applicable;

  • your company’s type, address, site, and website;

  • your name, role and contact details, such as email address and phone number; and in some cases other personal data, that is business related, that you may disclose to us.

We do in no case collect or process any personal data which falls under special categories of personal data listed in Art 9 of the GDPR or personal data from data subjects below the age of 16.

 

Why we collect your data

We collect this data to help us:

  • track our engagement activity with you and your company;

  • ensure our contact details are up to date;

  • develop a comprehensive view of our engagement activity with you and your company;

  • avoid duplicating meetings or communication on similar topics from a number of projects and functions within Toray;

  • understand and analyse the type and quality of our engagement activity with you and your company so we can improve it; and

  • respond to any actions, questions, feedback or queries that you’ve raised with us.

 

On what legal basis do we process your personal data:

We will process your personal data based on performance of contract (Art 6 (1) b GDPR) if we are dealing with you as data subject in connection with an ongoing or starting business relationship because this is necessary in order for us to supply services and/or goods to you (or the company you represents) and perform our contract with you or your company and/or taking steps at your request to enter into such a contract.

For such reason, in case you fail to provide us the required personal data, we may not be able to supply you with your desired goods and/or services, and our contract may not be performed in a proper manner.

In all other cases we will process our business contacts’ personal data based on our legitimate business interests (Art. 6 (1) f GDPR) or your consent given upon our requests (Art. 6 (1) a GDPR). We have an interest in cultivating contacts arising in the course of business even after the first contact, to use for establishing a business relationship and to stay in contact for marketing our services or providing communications which we think will be of interest to recipients. Furthermore, if you made an inquiry, our legitimate interest in the use of this service is to be able to answer user requests quickly and efficiently.

 

Where your data is stored

We store your data on secure servers mainly within Europe, the US and Japan.

From time to time, our IT staff and the technical support staff of our sub-processors and IT service and hardware suppliers may have access your data from outside Europe. We have strict controls over how, why and when they can do this. In general, such access is only granted as far as necessary for the maintenance of our systems and on a need-to-know-basis only.

In any case, we will only transfer personal data to recipients that provide an adequate level of data protection or as permitted by applicable data protection laws by implementing appropriate safeguards, including, but not limited to the EU Commission Standard Contractual Clauses for the transfer of data to third countries, when needed.  With respect to transfers to Japan we are relying on the adequacy decision adopted by the European Commission on 23 January 2019. A copy of the safeguards can be provided to you at your request.

 

How long we keep your data

We keep your data for as long as we are engaged with you and your company.

We regularly review the data we hold to ensure that it’s accurate and updated. Once you ask us to delete your data or when an engagement closes, or when we no longer need that data, we will remove it from our databases.

 

What rights you have:

We recognize the right to access and rectify any personal data stored in our systems (in particular our databases) to those individuals concerned who want to access, modify or delete their information.

You have the right to withdraw granted consent with effect for the future in accordance with Art. 7 (3) GDPR (where the processing is based on your consent) and to object and to the use of your personal data.

You can also:

  • request us to delete certain data pertaining to specific circumstances and if the processing is no longer necessary in relation to the purpose for which it was originally collected (right to erasure);

  • to the extent provided by the GDPR - request us to move, copy or transfer (where technically feasible) your personal information in a structured, commonly used and machine-readable format, for your own purposes across different services under certain conditions, unless there are legitimate reasons hindering us from undertaking such transmission (right to data portability)

  • object to the processing of your personal data (right to oppose);

  • request to be provided with clear, transparent and easily understandable information about how we use your personal information (right to be informed);

  • equest us to restrict or suspend our processing of your data in certain circumstances (right to restriction of processing).

To avail yourself of these rights, please contact us by emailing or writing to us and we will endeavor to respond within 30 days. Contact details can be found in the CONTACTS below.

 

Right to lodge a complaint with a supervisory authority

If you are not satisfied with the way any complaint you make in relation to your personal information is handled by us as set forth in the preceding section or if you consider your data protection rights have not been respected, you can lodge a complaint with the relevant Data Protection Authority.

A list with the contact details of the respective Data Protection Supervisory Authorities can be found here:

https://edpb.europa.eu/about-edpb/board/members_en

You can also lodge your complaint with the relevant Lead Data Protection Supervisory Authority for the TORAY EU, which is as follows:

Landesbeauftragter für Datenschutz und Informationsfreiheit des Landes Hessen

Prof. Dr. Michael Ronellenfitsch   

P.O. box 3163

65021 Wiesbaden

Gustav-Stresemann-Ring 1

2nd floor

65189 Wiesbaden

phone: +49 611 1408 – 0  

fax: +49 611 1408 – 611   

e-mail: [email protected]

 

No sharing of your data outside of Toray group

We need to manage our engagement activities properly to provide an effective service.

Your personal data is only shared across Toray Group in order to provide a good, timely service for you. Only authorised system administrators and designated users will have access to our system (including our databases) and thereby your data. The data we collect will not be resold or otherwise passed on to third parties outside of Toray group.

 

Your subscription to our newsletters:

You need to provide your information including your name, email address and your company’s name to register for the newsletter. We send newsletter, emails and other electronic notifications with advertising material (referred to hereinafter as the “newsletter”) with the consent of the recipients or legal permission. Our newsletters usually contain information on our products, services, events, the relevant market and us.

The newsletter registrations are recorded in order to be able to verify the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation and the IP address. The protocolling of the registration process is based on our legitimate interests in accordance with Art. 6 (1) lit. f GDPR.

You may opt-out of receiving our newsletter at any time, i.e. withdraw your consent. You can find a link to unsubscribe to the newsletter at the end of each newsletter.

 

Updates (notice)

We may update or revise this privacy statement at any time so please refer back to this page for the most up-to-date version.

 

CONTACT

If you have any further queries and complaints regarding data protection in connection with our Websites or the services offered, please contact our internal data protection supervisor or our data protection officer.

You can contact our internal data protection supervisor by email:

[email protected]

The contact detail of the Data Protection Officer of OUR COMPANY is as follow:

[email protected]