PORITE CORPORATION (hereinafter, “Porite”) shall handle personal data (personal information) from persons located within the EEA (hereinafter “information providers in the EEA”) in compliance with the EU’s General Data Protection Rules (GDPR) and relevant laws, etc., and shall use it in an appropriate manner in line with Porite’s business activities.
This privacy policy is applicable to information providers in the EEA who use Porite services and to whom the GDPR and other laws are applicable.
-
Definition of personal information
Personal information is information concerning an individual that can be used to directly identify the individual on the basis of the name, birthdate, telephone number, address, and place of work included in the information, or that can be used to readily identify an individual by cross-referencing it with other information.
-
Acquisition of personal information
Porite shall acquire personal information through legal and fair means.
-
Use of personal information
With regard to personal information acquired, Porite shall reveal the purpose of use to the relevant individual. Furthermore, the acquired personal information shall be used for business purposes within the scope of the intended use.
-
Secure management of personal information
Porite shall work to prevent loss of, damage to, tampering with, leakage of, and unauthorized access to personal information. To this end, it shall establish a position to take responsibility for the protection of personal information and put in place a suitable mechanism to ensure effectiveness.
-
Provision of personal information to third parties
Except in the cases described below, Porite shall not disclose or provide personal information to third parties without the consent of the relevant individual. If personal information is to be disclosed or provided to a third party, Porite shall work to ensure that the third party takes suitable measures to guard against leakage and other risks to protect the information. Cases where personal information is provided to subcontractors or partners to the extent that there is a business requirement to do so. Cases where personal information is inherited on the basis of business laws, etc., through a company merger, division, or transfer of business. In cases where provision is required or permitted by law, etc., personal information shall be provided in line with stipulations of the relevant law.
-
Handling of personal information
This provides an explanation of matters including the purpose of acquisition and handling of personal information acquired by Porite in accordance with the stipulations of the Act on the Protection of Personal Information.
-
Porite’s fundamental approach to personal information
Porite shall respect the spirit of the Act on the Protection of Personal Information, and define and follow Rules on the Handling of Specific Personal Information.
-
Personal information held by Porite
- Personal information concerning users of customer contact points, PR contact points, office contact points operated by each business group and group companies
- Personal information concerning shareholders
- Personal information concerning applicants for recruitment
- Personal information concerning direct stakeholders, certain groups, and other stakeholders
- Personal information concerning directors, employees, employees’ families, and former employees
- Purpose of use of personal information held by Porite
- Purpose of use of personal information concerning users of customer contact points, PR contact points, office contact points operated by each business group and group companies
- Investigating and responding to the content of questions and communications
- Communication and provision to product manufacturers, sellers, healthcare practitioners, and other such parties
- Notifications and reports to government agencies
- Personal information concerning shareholders
- Carrying out of duties defined in the Companies Act and handling of the exercise of rights by shareholders
- Sending of business reports and other documents for distribution
- Personal information concerning applicants for recruitment
- Consideration and decision of whether to hire or not
- Personal information concerning direct stakeholders, certain groups, and other stakeholders
- Communications, discussions, considerations, negotiations, information provision, delivery and receipt of materials for distribution regarding external affairs and handling of such affairs
- Undertaking joint work and the associated communications, discussions, considerations, information provision, delivery and receipt of materials for distribution
- Personal information concerning directors, employees, employees’ families, and former employees
- Carrying out duties stipulated in labor management and other labor-related laws and regulations (including business communication, attendance management, salary payment, expense reimbursement, assignment of personnel, personnel evaluations, skill development, and welfare, health and safety), tax-related laws and regulations, and social welfare laws and regulations
- Receipt, implementation, and management of procedures stipulated in internal rules
- Communication with health insurance unions, corporate pension funds, and other welfare benefit organizations and group companies, sending of newsletters and other materials for distribution, communication in emergencies, and communication and sending of materials in alumni associations and other social gatherings
- Provision of personal information held to third parties
Personal information held by Porite is shared for use by the Porite group. In order to deal with inquiries and for the purpose of business improvement going forward, Porite may retain access history including IP address, cookies, and other such things.
-
Transfer of data outside EEA
- In some cases, Porite may transfer personal data to countries outside of the EEA. The destination for transfer includes members of the Porite group, cloud service providers, service vendors, and other such third parties (parties who process data). Porite shall oversee such third party handlers of personal data to ensure that they follow the GDPR and appropriate and suitable measures for protection in accordance with the circumstances of the transfer.
- The Porite group deems that by using the group’s services, an individual understands and gives their approval regarding the following.
- Some countries outside the EEA have insufficient laws for the protection of personal data, and there is no guarantee that they are of the same level as the measures for protection defined in the GDPR.
- In order to fulfill the purpose of use, Porite may transfer personal data to members of the Porite group or third parties such as subcontractors including cloud service providers and service vendors (parties that process data) that are located in countries outside of the EEA.
-
Protection of personal information held
Porite shall perform regular training for its staff to ensure personal information is protected and shall implement strict management of customers’ personal information. The database systems possessed by Porite shall have the security controls required by the Rules on the Handling of Specific Personal Information.
-
Subcontracting of processing of personal information held
When subcontracting the processing of personal information held by Porite, Porite shall conclude the contracts required and implement suitable management and supervision.
-
Shared use of personal information held
In order to provide a comprehensive service, Porite shall share personal information for use to the extent necessary to achieve the purpose of use on the basis of the Rules on the Handling of Specific Personal Information.
-
Storage period
Porite processes and stores personal data only within the scope of the purpose of use. Personal data that is no longer necessary shall be swiftly erased.
-
Customer rights
Customers can exercise the following rights whenever they wish to do so with regard to the customer’s personal information held by Porite.
- The right to obtain from the controller confirmation as to whether or not personal data concerning them is being processed, and if so, the right to access said data.(GDPR Article 15)
- The right to obtain the rectification of inaccurate personal data concerning them if the personal data contains an error. (GDPR Article 16)
- The right to have their personal information erased. (GDPR Article 17)
- The right to restrict the processing of their personal data in certain circumstances. (GDPR Article 18)
- The right to data portability. (GDPR Article 20)
- The right to object in certain circumstances. (GDPR Article 21)
- The right to withdraw consent. (GDPR Article 7)
-
Cookie Policy
About Cookie Usage
This website uses cookies mainly in the following ways in order to improve user experience and maintain and increase service quality. Cookies are not used to acquire customers’ personal information.- Inquiry Form
-
Contact us
If you have any comments, questions, or complaints about the Porite privacy policy, or would like to make any other inquiries about the handling of user information, please use the contact details below.
Inquiries here
PORITE CORPORATION General Affairs Division General Affairs Dept.Inquiries
-
Revisions
Porite shall change this policy at its own discretion. However, if procedures required for revision are defined in the Act on the Protection of Personal Information Act or other laws, revision shall be performed on the basis of such laws.
If Porite is to change this policy with regard to users, the timing of the enactment of the changed policy and the details of the changes shall be announced by using the following channels.
Publishing on the Porite website Notification to users Other suitable channels
Date of Creation / Revision
Created: July 27, 2012
Revised: July 21, 2020