Privacy Policy

1. About This Policy

This Policy applies to the processing of your personal data by Shimadzu Diagnostics Corporation (the “Company,” “we,” “our,” or “us”).

3. How We Collect Your Personal Data

We may collect information that you provide to us, whether by means of a form on our website, by email, in a letter, or otherwise, such as your name, address, email address, telephone number, fax number, workplace information, division and department, title, position, name of your contact group or organization, technical rank, password, details of your inquiry, information on whether we can send you direct mail, etc., products or fields in which you are interested, campaign codes, consent to acquisition or use of cookies, feedback to our website, etc.

We also may receive from our distributors and agents information, such as your name, address, email address, telephone number, workplace information, division and department, name of your contact group or organization, commercial negotiation or transaction status, commercial negotiation or transaction history, details of your inquiry, information on whether we can send you direct mail, etc., history of your participation in exhibitions, seminars, etc., information on a device that you use, history of your access to our and our group companies’ websites, etc.

When you visit our website, we may automatically collect the materials that you access, your download history, traffic data, location information, log, language information, dates and frequency of access, other communication information (including IP address, operating system, host domain, and type of browser), information on your computer and internet connection, and URLs of reference sources (“Communication Information”).

If you are our or our group companies’ employee, we may collect your name, email address, user ID, photo, address, telephone number, fax number, workplace information, division and department, schedule, attendance status, passport information, signature, etc. (“Employee Information”), as well as your login history, history of sending and receiving emails, certification log, email archive, history of use of Office 365, if you use Office 365 (email, SharePoint, Teams, Forms, etc.) (“System Information”).

4. Purposes of Processing Personal Data

We use the Personal Data that we hold about you for the purposes set forth below. We will use your Personal Data only to the extent that it is necessary to do so to fulfill these purposes:

1. (a) to address your request or perform an agreement with you;
2. (b) to contact you (including to address your inquiry);
3. (c) to confirm the location where a device is installed, etc.;
4. (d) to announce our and our group companies’ exhibitions, seminars, products, services, etc.;
5. (e) to conduct market research and develop new products and/or new services;
6. (f) to manage the device maintenance history;
7. (g)  to collect quality information and provide feedback for development and/or manufacturing, etc.;
8. (h) to improve our website;
9. (i) to analyze your behaviors;
10. (j) to share transaction information within the Company and our group companies;
11. (k) to ensure the security of our website;
12. (l) to issue a notice of a change in our services or website;
13. (m) for our employees to use Office 365 (email, SharePoint, Teams, Forms, etc.);
14. (n) to manage personnel and labor matters for our employees (provision of trainings, acquisition of visas, participation in meetings, etc.);
15. (o) to comply with any laws and regulations applicable to us;
16. (p) to cooperate with relevant governmental authorities and agencies, including competent data protection authorities and those that are engaged in administrative or criminal investigations
17. (q) to establish, exercise or defend legal claims.
18. (r) Soliciting and conducting clinical trials and post-marketing surveillance; and
19. (s) Coordinating during surveys, planning, research, and development in the fields of medicine, pharmacy and biology

5. Disclosure of Personal Data to Recipients and Joint Use of Personal Data

We may share your Personal Data with the following categories of recipients:

1. (a) Group companies: We may disclose your Personal Data to our group companies.
2. (b) Employees: We may disclose your Persona Data to our employees who have the authority and necessity to access the Personal Data.
3. (c) Service providers:  We may disclose your Personal Data to service providers, such as IT service providers, consultants, etc.
4. (d) Contractors, distributors, and agents: We may disclose your Personal Data to our contractors, distributors, and agents.
5. (e) Business successors: We may disclose your Personal Data to persons which succeed to our business due to an organizational restructuring, business transfer, etc.

We may otherwise disclose your Personal Data to any third party other than those set forth above, including public agencies, if such disclosure is required to achieve the purposes for which you provided Personal Data to us or other purposes that we specify when obtaining consent or Personal Data from you, to the extent necessary to comply with any laws and regulations applicable to us, to cooperate with relevant governmental authorities and agencies, or to establish, exercise or defend legal claims.

Under Japanese law, we may use the joint use framework under the Act on the Protection of Personal Information to share with our group companies (including those group companies located outside Japan) and the relevant agent in charge of you, your name, address, email address, telephone number, signature, name of your contact group or organization, commercial negotiation or transaction history, details of your inquiry, information on whether we can send you direct mail, etc., history of your participation in exhibitions, seminars, etc., information on a device that you use, history of your access to our and our group companies’ websites, for the purposes referred to in Section 4 (a) to (g) above.

In addition, if you are a cooperating company (including a vendor, a contractor of manufacturing, a contractor of service, a receiver of our orders for services, etc.) or a person in charge therein, we may share your name, address, email address, telephone number, name of your contact group or organization, and transaction history with our group companies (including those subsidiaries located outside Japan) for the purpose referred to in Section 4 (j) above.

If you are our employee, we may share your Employee Information and System Information with our group companies (including those group companies located outside Japan) for the purposes referred to in Section 4 (a), (b), (d), (e), (g), (j), (m), (n), (o), (p), and (q) above.

In these cases, we will be the party responsible for the management of your Personal Data. Please refer to Section 10 below for our address and the name of our representative.

6. Provision of Your Personal Data Outside Japan

Your Personal Data may be provided to third parties outside Japan, such as our group companies located outside Japan, etc. The names of the countries outside Japan (excluding those countries provided by the Enforcement Rules for the Act on the Protection of Personal Information as foreign countries which have systems to protect personal information that are found to be on the same level as those of Japan in protecting personal rights and interests) where third parties to which we may provide your Personal Data are located (excluding those third parties which have established systems meeting the standards provided by the Enforcement Rules for the Act on the Protection of Personal Information), and information regarding the legislation to protect personal information in these countries are as set forth below. The third parties to which we may provide your Personal Data take all measures corresponding to the 8 Principles under the OECD Privacy Guidelines.

• United States of America (federal legislation): https://www.ppc.go.jp/files/pdf/USA_report.pdf
• United Arab Emirates (federal legislation): https://www.ppc.go.jp/files/pdf/arab_report.pdf
• India:https://www.ppc.go.jp/files/pdf/india_report.pdf
• Commonwealth of Australia: https://www.ppc.go.jp/files/pdf/australia_report.pdf
• Canada:https://www.ppc.go.jp/files/pdf/canada_report.pdf
• Republic of Singapore: https://www.ppc.go.jp/files/pdf/singapore_report.pdf
• Swiss Confederation: https://www.ppc.go.jp/files/pdf/switzerland_report.pdf
• Republic of Korea: https://www.ppc.go.jp/files/pdf/korea_report.pdf
• Taiwan: https://www.ppc.go.jp/files/pdf/taiwan_report.pdf
• People’s Republic of China: https://www.ppc.go.jp/files/pdf/china_report.pdf
• Republic of Turkey: https://www.ppc.go.jp/files/pdf/turkey_report.pdf
• Republic of Philippines: https://www.ppc.go.jp/files/pdf/philippin_report.pdf
• Federative Republic of Brazil: https://www.ppc.go.jp/files/pdf/brazil_report.pdf
• Socialist Republic of Viet Nam: https://www.ppc.go.jp/files/pdf/vietnam_report.pdf
• Hong Kong: https://www.ppc.go.jp/files/pdf/hongkong_report.pdf
• Malaysia: https://www.ppc.go.jp/files/pdf/malaysia_report.pdf
• Russian Federation: https://www.ppc.go.jp/files/pdf/russia_report.pdf
• Republic of South Africa: https://www.ppc.go.jp/files/pdf/south_africa_report.pdf
• Oriental Republic of Uruguay: https://www.shimadzu.co.jp/sites/shimadzu.co.jp/files/attention/uruguay_report.pdf
• Republic of North Macedonia: https://www.shimadzu.co.jp/sites/shimadzu.co.jp/files/attention/north_macedonia_report.pdf
• Republic of Serbia: https://www.shimadzu.co.jp/sites/shimadzu.co.jp/files/attention/serbia_report.pdf
• Bosnia and Herzegovina: https://www.shimadzu.co.jp/sites/shimadzu.co.jp/files/attention/bosnia_report.pdf

7. Storage Period for Personal Data

We will retain your Personal Data that we collect for the period necessary to Process such Personal Data. For example, your membership information regarding services on a members-only website will be retained until you cancel your membership, and your access log will be retained for 18 months. However, this does not apply if we are required by laws or regulations to retain your Personal Data for a longer period of time, in which case, we will retain it for the period required by laws or regulations.

8. Your Rights

You have a number of legal rights in relation to the Personal Data that we hold about you. These rights may vary depending on where you are located and which data protection laws apply to the relationship between you and us, but typically will include the following:

1. (a) right to obtain information regarding Processing of your Personal Data and to access the Personal Data that we hold about you;
2. (b) right to request that we rectify your Personal Data if it is inaccurate or incomplete;
3. (c) right to request that we erase your Personal Data in certain circumstances;
4. (d) right to request that we restrict our Processing of your Personal Data in certain circumstances;
5. (e) right to object to our Processing of your Personal Data;
6. (f) right to receive your Personal Data in a structured, commonly used, and machine-readable format and/or to request that we directly transmit such Personal Data to a recipient where this is technically feasible; and
7. (g) right to withdraw your consent to our Processing of your Personal Data at any time.

You may exercise any of your rights by contacting us, using the information about us set forth in Section 10 below. You also may lodge a complaint with the data protection authority if you believe that any of your rights has been infringed by us.

9. Security Control Measures

We take necessary and appropriate measures to prevent any leakage, loss of, or damage to, your Personal Data to be Processed and to otherwise control the security of personal information, such as clarification of the person responsible for or the person in charge of Processing of Personal Data, regular self-inspection of the Processing status of Personal Data, establishment of a system to report leakage, etc., formulation of rules on Processing, regular training of employees regarding Processing of Personal Data, management of entries into and exits from facilities, prevention of theft or loss of equipment for Processing Personal Data, appropriate discarding of Personal Data, ensuring the security of the systems and devices used, and implementation of access controls, etc. We also exercise appropriate supervision over our contractors and employees who Process Personal Data, and if we handle personal information outside Japan, we will grasp the country’s legislation to protect personal information and take appropriate security control measures.

10. Contact Details

If you have any questions about this Policy, your rights, or any other matter relating to the protection of personal information, please contact us at the following address:

1. (a) Address of head office: 3-24-6, Ueno, Taito-ku, Tokyo 110-8736
2. (b) Name of representative: Tokuya Ono
3. (c) Responsible department: Department of General Affairs and Human Resources, Shimadzu Diagnostics Corporation
4. (d) Email address: sdc-info@sdc.shimadzu.co.jp
5. (e) Telephone number: 03-5846-5611
6. (f) FAX：03-5846-5619

11. About the Accredited Personal Information Protection Organization Our Company Is Affiliated to

We are a member of the Federation of Pharmaceutical Manufacturers’ Associations of Japan (FPMAJ), an accredited personal information protection organization. The Federation accepts complaints and consultations concerning the handling of personal information by member corporations. [Article 27, Paragraph 1, Item 4 of the Act, Article 8, Item 2 of the Enforcement Ordinance]

Contact details
Personal Information Protection Center, The Federation of Pharmaceutical Manufacturers’ Association of Japan
MFPR Nihonbashi-honcho Building, 3-7-2, Nihonbashi-honcho, Chuo-ku, Tokyo 103-0023
Telephone: 03-5843-6494
Service hours: 10:00-16:00 (excluding Saturdays, Sundays, national holidays, year-end and New Year holidays, and other designated holidays)
URL: http://www/fpmaj.gr.jp/

For Those in the EEA and the UK

This section applies to those in the European Economic Area (the “EEA”) and the UK. This section supplements our “Privacy Policy” (the “Policy”) and prevails over any conflicting provisions in the Policy.

1. Legal Basis

We Process your Personal Data on the legal basis set forth below.

1. (a) Contract. Where the Processing of your Personal Data is necessary to perform a contract we enter into with you. For example, this includes where we provide you with information, products, and services that you request from us based on a contract that we enter into with you.
2. (b) Legitimate interests. Where the Processing of your Personal Data is necessary for legitimate interests pursued by us or a third party, and your interests and fundamental rights do not override those interests. For example, this includes where we Process your Personal Data for the following purposes:
   • to show the contents of the website in the most effective manner for you or your computer;
   • to allow you to use the interactive functions of our services when you wish to do so;
   • to ensure the security of the website;
   • to provide you with technical support and to improve the relevant websites and services;
   • to provide you with information that you request to address your inquiry;
   • to announce a change in our services or website;
   • if you are an existing customer, to contact you to provide you with information regarding products and services that are similar to those products and services that were previously subject to sale or negotiations for sale (including contact by email and SMS); or
   • to disclose your Personal Data to a person which succeeds to our business due to a business transfer, merger, consolidation, change of control, transfer of material assets, restructuring, liquidation, or any other organizational restructuring.
   You may obtain further details about legitimate interests by contacting us, using the information about us set forth in Section 10 of the Policy.


3. (c) Consent. With your consent, we may process your Personal Data to provide you with information regarding products or services in which you seem to be interested. If you do not allow us to use your Personal Data in such manner, you are requested to refuse to give us consent when we request your consent in a form used by us to collect your Personal Data, or to withdraw your consent by sending an email containing your request to sdc-info@sdc.shimadzu.co.jp. The withdrawal of your consent will not affect the lawfulness of Processing performed based on the consent before your withdrawal.
4. (d) Legal obligation. Where the Processing of your Personal Data is required by law applicable to us, such as tax law.

2. Transfer of Personal Data Outside the EEA or the UK

Your Personal Data may be transferred to, and stored by, a third party outside the EEA or the UK. Where we transfer your Personal Data to a third party outside the EEA or the UK, we will ensure that:

1. (a) the recipient destination has been found by the European Commission or has been designated by the government of the UK as ensuring an adequate level of protection for the rights and freedoms that you possess in respect of your Personal Data; or
2. (b) the recipient enters into standard data protection clauses that have been approved by the European Commission, or other contracts for the transfer of Personal Data as required by data protection laws, with us.

You can obtain further details of the protection given to your Personal Data when it is transferred outside the EEA or the UK by contacting us, using the information about us set forth in Section 10 of the Policy.

3. Use of Cookies, etc.

For use of cookies, etc. in our website, please refer to our Cookies.

4. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (in this section, “Google”). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the website. The information generated by the cookies about your use of the website will be transmitted to and stored by Google on servers in the United States.

Google will use this information on behalf of us as the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to us.

In the case where IP address anonymization is activated on this website, your IP address will be deleted within the EEA and the UK. In exceptional cases, the whole IP address may be transferred to a Google server in the United States and deleted there. The IP address anonymization is active on this website.

The IP address, that your browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this, you may not be able to use the full functionality of this website.

You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Add-on for your current web browser:https://tools.google.com/dlpage/gaoptout?hl=en.

5. Marketing Automation

This website uses services provided by the companies set forth below (in this section, individually referred to as a “Service Provider”).

The contents of each Service Provider’s services are listed in the tables below.

Each Service Provider uses cookies, which are text files placed on your computer, to help the website analyze how users use the website.

The information generated by the cookies about your use of the website will usually be transmitted to and stored on each Service Provider’s servers.

Each Service Provider will use this information on behalf of us as the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to us.

Furthermore, we use each Service Provider to store information that you input on forms on this website in cookies.

6. Social Media Plug-ins

In our website, we use website elements from the social networks Facebook, X(Twitter), and YouTube. Providers of these plug-ins are the companies Meta Platforms, Inc., X Corp., and Google Inc. (in this section, “Providers”). Web page elements include, among others, buttons (so-called “social plug-ins”) or integrated content from the Providers.

The operator of Facebook is Meta Platforms, Inc., 1 Hacker Way Menlo Park, California 940254, USA. For an overview of the Facebook webpage elements and their look, please go to:https://developers.facebook.com/docs/plugins

The operator of X(Twitter) is X Corp., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. For an overview of the X(Twitter) webpage elements and their look, please go to:https://dev.x.com/web/overview

The operator of and YouTube is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.

Your browser establishes a direct connection to the server of the respective Provider when you visit a page from our website that contains such a website element. The content of the website element is transmitted by the respective Provider directly to your browser and integrated into the website. By integrating the website elements, the Providers gain knowledge that your browser has accessed the corresponding page of our website, even if you do not have a profile with the respective Provider or are not logged in at the time. This information (including your IP address) is transmitted by your browser directly to a server of the respective Provider in the United States and stored there.

If you are logged into one of the services, the respective Provider can directly assign the visit to our website to your profile with this Provider.

We have no influence over the parameters of the data that the Providers lift out with the help of the website elements. For details on the purpose and extent of the data collection and the further Processing and use of the data by the Providers as well as your related rights and setting options for protecting your privacy, please refer to the privacy policy of the Provider:

• Facebook：https://www.facebook.com/about/privacy/
• X(Twitter)：https://x.com/en/privacy
• YouTube：https://policies.google.com/privacy?hl=en

You would need to log out of each Provider’s services if you want to prevent the Providers from directly associating the data collected through our website with your profile in that service. Finally, browser add-ons will completely prevent the loading of the website elements.

7. EU/UK Representative

You may contact our EU/UK representative using the contact details below.

EU representative
Name: Shimadzu Europa GmbH
Address: Albert-Hahn Str. 6-10, 47269 Duisburg, Germany

UK representative
Name: SHIMADZU UK Limited
Address: Unit 1A, Mill Court, Featherstone Road

Wolverton Mill South, Milton Keynes MK12 5RD, U.K.

For Those in the Peoples’ Republic of China

This section applies to those in the Peoples’ Republic of China.

1. How We Handle Your Personal Information

We shall engage in handling such as personal information collection, retention, use, processing, transmission, provision, disclosure, and deletion.

2. Processing of Sensitive Personal Information

In the case of handling sensitive personal information, we shall implement measures required under the Personal Information Protection Law of the Peoples’ Republic of China (hereinafter in this Section, the “Law”) such as notifying you of the necessity of handling sensitive personal information, and effects on individuals’ rights and interests.

We shall handle Communication Information and System Information as sensitive personal information. The necessity for handling Communication Information and System Information, and effects on individual rights and interests, are as follows:

Communication Information

Necessity for handling
It is necessary for us to handle your Communication Information to announce products and services, etc. in line with your needs.

Effects on individuals’ rights and interests
Your Communication Information is managed under appropriate security control measures, and the possibility of it having effects on individuals’ rights and interests due to leakage, etc. is limited.

System Information

It is necessary for us to handle your System Information to enable the use of Office 365 (email, SharePoint, Teams, Forms, etc.) by employees.

Effects on individuals’ rights and interests
Your System Information is managed under appropriate security control measures, and the possibility of incidence of effects on individuals’ rights and interests due to leakage, etc. is limited.

3. Provision of Personal Information

In the case we provide your personal information to third parties other than the outsourcees to which the handling of personal information is outsourced by us, we shall implement measures required under the Law, such as notifying you of such third parties’ names, contact methods, handling purposes, handling methods, and categories of personal information.

In the case we provide your personal information to third parties outside China, we will implement measures required under the Law, such as notifying you of such third parties’ names, contact methods, handling purposes, handling methods, categories of personal information and the methods and procedures in which the rights set forth under the Law will be exercised against such third parties.

We shall provide your personal information to the following third parties outside China.

A.

Third parties’ names
Shimadzu Scientific Instruments, Inc., Shimadzu Scientific Instruments (TAIWAN) CO.,LTD., SAP Japan Co.,Ltd., Amazon Web Services Japan G.K.

How to contact third parties
Please contact us using our contact details stated in Section 10 of the Policy.

Purposes of third party handling
To announce our and our group companies’ exhibitions, seminars, products, and services, etc., and to analyse your behavior.

Third party handling methods
In the manner stated in 1. Above

Categories of Personal information
Name, email address, workplace information, inquiry details, Communication Information

Manner and procedures, etc. to exercise the rights set forth by the Law against third parties
Please contact us using our contact details stated in Section 10 of the Policy.

B.

Third parties’ names
Shimadzu Business Systems Corporation
Log-in setting, operation and troubleshooting responses for systems used in transactions

How to contact third parties
Please contact us using our contact details stated in Section 10 of the Policy.

Purposes of third party handling
Log-in setting, operation and troubleshooting responses for systems used in transactions

Third party handling methods
In the manner stated in 1. above

Categories of Personal information
Name, email address, telephone number, workplace information, division and department

Manner and procedures, etc. to exercise the rights set forth by the Law against a third party
Please contact us using our contact details stated in Section 10 of the Policy.

C.

Third party name
OneTrust, LLC

How to contact third parties
Please contact us using our contact details stated in Section 10 of the Policy.

Purposes of third party handling
Use of cookie consent management tool

Third party handling methods
In the manner stated in 1. above

Categories of personal information
Consent to acquisition or use of cookies, IP address and language information

Manner and procedures, etc. to exercise the rights set forth by the Law against a third party
Please contact us using our contact details stated in Section 10 of the Policy.