In the course of our business, our customers and other stakeholders sometimes disclose or entrust their personal data to us. Managing this personal data properly is critical, and is the very foundation of the relationship of trust that TOYO enjoys with its stakeholders. Recognizing this, TOYO is fully committed to protecting personal data in compliance with this Policy and TOYO constantly seeks to refine the systems we have established for this purpose. Especially, TOYO is compliant with the provisions set forth by the GDPR with reference to the processing of personal data, including but not limited to the transfer outside the European Union.
- ■PERSONAL DATA CONTROLLER
- The Personal Data Controller or the “Controller” as defined in the GDPR is TOYO.
- ■TYPE OF PERSONAL DATA COLLECTED
- The personal data collected and processed consist of the data required by the registration form and, in particular, the name, surname and title of the data subject, the e-mail address and the telephone number.
- ■PURPOSES OF PERSONAL DATA PROCESSING
The personal data collected will be processed only for the following purposes:
- Responding to customer’s requests for information
- Answering customer’s questions
- Providing content that meets customer’s needs
- ■CONSEQUENCES OF MISSING OF PERSONAL DATA
- Providing personal data is always discretionary. In case of missing of personal data indicated as “mandatory”, the required service could not be delivered and the interested data subjects shall not be correctly identified. The missing of the personal data not indicated as “mandatory” will not affect the delivery of the service.
- ■METHODS OF PERSONAL DATA PROCESSING
- The personal data will be processed - whether or not performed by automated means - in compliance with regulatory obligations, ensuring full compliance with the laws and regulations. The processing of personal data will consist of the collection and storage of personal data, also with the aid of electronic tools. The personal data collected will be kept for the period of time strictly necessary for the achievement of the purposes for which they are collected and processed, unless required by the laws and regulations.
- ■PLACE OF PERSONAL DATA PROCESSING
- Personal data will be processed in Japan.
- ■COMMUNICATION AND TRANSFER
- TOYO will not transfer personal data to any third party without a permission of data subject unless otherwise obligated in accordance with the laws and regulations. Any transfer of personal data to a third country from the European Union will be managed in compliance with the provisions set forth by the GDPR.
- ■SUBJECTS AUTORIZED WHO CAN PROCESS PERSONAL DATA
- The personal data will be processed by the personnel appointed as personal data processors or, in any case, the personnel delegated / authorized to personal data processing.
- ■RIGHTS OF DATA SUBJECTS
The data subject is entitled to exercise the rights as permitted by the provisions set forth in the GDPR with reference to his/her own personal data, including among others the following:
Right of access – To obtain confirmation from the Personal Data Controller as to whether or not the personal data are being processed or not, and to receive information regarding: (i) the purpose of processing; (ii) categories of personal data processed; (iii) retention period; and (iv) subjects to whom personal data could be communicated (Article 15, GDPR);
Right of rectification – To obtain, without undue delay, the rectification of the personal data (Article 16, GDPR);
Right of cancellation – To obtain, without undue delay, the cancellation of the personal data (Article 17, GDPR);
Right to restriction – To obtain from the Personal Data Controller the restrictions of the personal data processing (Article 18, GDPR);
Right to portability – To receive the personal data in a structured, commonly used and machine-readable format and transmit these personal data to another personal data controller (Article 20, GDPR);
Right of objection – To object to processing of the personal data, unless there are legitimate reasons for the Personal Data Controller to continue processing (Article 21, GDPR);
Right to claim to the competent authority – To claim to the competent authority (Article 77, GDPR).
The data subject is entitled to exercise these rights by sending a request via e-mail to the address of the Personal Data Controller, see INQUIRIES below.
The exercise of these rights is subject to certain exceptions aimed at safeguarding the public interest (for example the prevention or identification of crimes) and our interests. In the event that a data subject exercises any of the aforementioned rights, TOYO will give the data subject feedback within a reasonable period of time.
- ■NAVIGATION DATA
- TOYO collects specific information about a customer’s hardware and software for the purpose of maintaining the operation and quality of TOYO’s information service, and for the purpose of collecting statistics about the usage of TOYO’s pages. Such information may include IP address, browser type, operating system, domain name, access frequency, reference web site, and e-mail address.
With respect to inquiries concerning the personal data, please contact below.
Safety, Quality and Environment Management Division
e-mail address: firstname.lastname@example.org