This “POLICY ON PROTECTION OF PERSONAL DATA TO WHICH GDPR IS APPLIED” (this “Policy”) governs only processing by Kyorin Pharmaceuticals, パチスロ 本店. Ltd. (“we” or “us”) of personal data to which “REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)” and its equivalent of the United Kingdom (“GDPR”) is applied.
1. Our policy on personal パチスロ 本店 protection
The purpose of the present Policy is to illustrate how we collect and process as the パチスロ 本店 controller the personal パチスロ 本店 of natural persons (“パチスロ 本店 subjects”) domiciled in European Economic Area (“EEA”), regardless of whether we obtained the personal パチスロ 本店 directly from パチスロ 本店 subjects or through third parties. We process the personal パチスロ 本店 in accordance with GDPR (and other regulations of EU or its Member States, if any, such as specific laws regarding pharmaceutical products or clinical studies).
Processing of “personal パチスロ 本店” under this Policy means either of the followings:
- (i) Processing of personal パチスロ 本店 in the context of the activities of an establishment of a controller or a processor in the EEA, regardless of whether the processing takes place in EEA or not (Article 3, paragraph 1 of GDPR)
- (ii) Processing of personal パチスロ 本店 of パチスロ 本店 subjects domiciled inside EEA by a controller or processor not established in EEA, where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the パチスロ 本店 subject is required, to such パチスロ 本店 subjects in EEA; or (b) the monitoring of their behavior as far as their behavior takes place within EEA (Article 3, paragraph 2 of GDPR)
2. Collection and processing of personal パチスロ 本店
We always process personal パチスロ 本店 in accordance with any of the principles set out in GDPR (Article 5, 6 and 7). Further, where we process special categories of personal パチスロ 本店, we abide by the special rules of GDPR (Article 9 and 10).
We collect and process personal パチスロ 本店 where we have either of the following lawful bases:
- (i) It is necessary for us to process personal パチスロ 本店 for the purposes of legitimate interests pursued by us or a third party, including the performance of the obligation under the applicable laws and regulations (which include those outside EEA such as Japan), such as the application for marketing licenses of pharmaceuticals, pharmacovigilance activities, etc.
- (ii) We have a contractual relationship with the individual or the company for which the individual works and the processing is necessary to perform our obligations under the contract; or
- (iii) We have obtained the appropriate consent to the processing for a specific purpose including possible big パチスロ 本店 applications.
When we do so, we provide パチスロ 本店 subjects with the purpose of collecting and processing personal パチスロ 本店 through appropriate means such as consent forms or contracts.
Personal パチスロ 本店 processed in the context of above-mentioned (i) includes information (collected in clinical trials, genetic and epidemiological studies, during the monitoring of pharmacovigilance information) about individuals who took drugs of which we have marketing license or investigational products. Patients’ personal パチスロ 本店 collected in clinical trials (for the avoidance of doubt, in this Policy, by “clinical trial” we refer to those conducted in accordance with applicable laws and regulations) may include: age, gender, medical history, phenotype (set of observable characteristics such as anatomy, morphology), genotype (gene composition) etc.
Informed consent is required each time a patient participates in our clinical trials, in order to ensure both (a) voluntary participation in the study and (b) the patient’s right to privacy and パチスロ 本店 protection consistent with the requirements of applicable law. No consent is required for the reporting of side effects or other adverse events in the course of pharmacovigilance activities, but the person who reports the case, most often the healthcare professional, will inform the patient of the transfer of non-directly identifiable health パチスロ 本店 (pseudonomized) relating to him or her. This transfer is restricted to pharmacovigilance purposes and to the market-authorization holders, manufacturing license holders, selling-license holders, and health authorities in charge of pharmacovigilance.
The パチスロ 本店 subject shall have the right to withdraw his or her consent at any time. Please note, however, that the withdrawal of consent shall not affect the lawfulness of collection or other processing based on consent before its withdrawal: even after the withdrawal, we may continue using the personal information in question if there are other lawful basis.
We collect personal パチスロ 本店 for specified, explicit and legitimate purposes and do not further process the personal パチスロ 本店 in a manner that is incompatible with those purposes; prior to processing personal パチスロ 本店 for purposes other than those for which the personal パチスロ 本店 were initially collected, we always notify the パチスロ 本店 subject of such purposes.
We keep personal パチスロ 本店 for no longer than is necessary to perform legal obligations imposed on us and maintain our business activities (GDPR Article 5 and Article 25, paragraph 2).
We ensure that personal パチスロ 本店 we process are limited to those that are adequate, relevant and limited to what is necessary in relation to the purposes.
3. Sharing/disclosure of personal パチスロ 本店
We ensure that we will never sell, lease or otherwise dispose of the personal パチスロ 本店 we collected as an object of transactions.
At times we share personal パチスロ 本店 we collected with our group companies and third parties. When we share personal パチスロ 本店 with third-party processor, we take appropriate measures to implement GDPR requirements (GDPR Article 24, 26, 28 and 29). Further, where third parties with whom we share personal information are domiciled or established outside EEA, we take appropriate measures pursuant to GDPR Chapter V so as to ensure an essentially equivalent level of protection.
We also ensure that we abide by the specific laws and regulations, where applicable, that governs sharing of personal パチスロ 本店 with third parties. By way of example, we process the personal パチスロ 本店 we collected (either as controller, joint controller or processor) during clinical studies in accordance with applicable laws (e.g. Regulation (EU) No 536/2014 of the European Parliament and of the Council of 16 April 2014 on clinical trials on medicinal products for human use) and regulation (e.g. Member States’ rules implementing ICH-GCP, including pseudonomization requirements).
Our business partners
Personal パチスロ 本店 may be transferred to, retained and processed by our business partners who jointly develop, apply for marketing license on, manufacture or sell pharmaceuticals, in a form being unable to identify a particular individual.
Delegation to processor
For the purposes of editing パチスロ 本店 to the extent not to prejudice the identicalness (such as preparing パチスロ 本店 to be input onto the format designated by the competent authority), we may have third-party service provider undertake processing work of personal パチスロ 本店. When executing contracts for such purposes, we carefully examine if the contracting party is suitable for undertaking the task. Through the contract, we set out processor’s obligations on implementing appropriate technical and organizational measures, obligations of confidentiality, conditions on engaging sub-processor and other matters relating to appropriate processing of personal パチスロ 本店. We properly supervise the processor through regular monitoring of its performance etc.
Group companies / corporate reorganization
At times we share personal パチスロ 本店 with our group companies. When there occurs any transfer of all or part of our business through corporate reorganization, stock acquisition (including in the context of bankruptcy proceedings) etc., transfer of personal パチスロ 本店 may take place accordingly.
Compliance with laws
Based on or in the context of the provisions of applicable laws, legal proceedings, court proceedings, requests/orders of the competent authorities and other governmental entities (which may be inside or outside of the country where パチスロ 本店 subjects are domiciled), we may be obliged to disclose personal パチスロ 本店. We may also disclose personal パチスロ 本店 where we deem it appropriate to do so in view of national security, law enforcement or other important social issues.
In addition, we may disclose personal パチスロ 本店 where we believe it reasonably necessary in good faith to do so in order to protect our rights and interests, seek any available reliefs, execute our internal rules, investigate wrongdoings, or protect our business or stakeholders.
Sharing or disclosing personal パチスロ 本店 as above may necessitate transfer of personal パチスロ 本店 outside EEA. As a prerequisite for this, we ensure to adequately protect the personal パチスロ 本店 to be transferred through the measures that ensure an essentially equivalent level of protection.
4. Our records on personal パチスロ 本店 processing
When we process personal パチスロ 本店, we process the recorded materials in accordance with GDPR (Article 30). We adhere to GDPR, and reflect in these recorded materials all the information necessary for cooperation with the competent authorities in accordance with Article 31 of GDPR.
5. Protection of personal パチスロ 本店
- (1) SecurityWe protect the personal パチスロ 本店 by implementing appropriate technical and organizational measures (including pseudonymization) that prevent the personal パチスロ 本店 from unauthorized, unlawful or accidental loss, destruction, corruption, alteration, leakage of, or access to personal パチスロ 本店 transmitted, stored or otherwise processed (GDPR Article 25, paragraph 1 and Article 32).
- (2) Processing likely to result in a high risk to the rights and freedoms of パチスロ 本店 subjectWhere we envisage a type of processing that is likely to result in a high risk to the rights and freedoms of the パチスロ 本店 subject, we carry out an assessment of the impact of the envisaged processing operations prior to the processing, and ensure that such processing operations are in compliance with the requirements of GDPR, or implement appropriate technical and organizational protection measures in order to continue such processing operations (GDPR Article 35). In case of any doubt, we consult the supervisory authority for advice and proposal prior to processing (GDPR Article 36).
- (3) Notification of a personal パチスロ 本店 breach to the supervisory authorityIn preparation to security compromise that is likely to lead to unauthorized, unlawful or accidental loss, destruction, corruption, alteration, leakage of, or access to personal パチスロ 本店 transmitted, stored or otherwise processed (“personal パチスロ 本店 breach”), we have implemented the internal system and measures to screen, detect and assess the personal パチスロ 本店 breach. Unless the personal パチスロ 本店 breach is unlikely to result in a risk to the rights and freedoms of natural persons, we make necessary notification of the personal パチスロ 本店 breach to the competent supervisory authority and the affected パチスロ 本店 subject (GDPR Article 33 and 34).
6. Rights of パチスロ 本店 subjects
パチスロ 本店 subjects shall have the right to obtain from us the update, the rectification, the deletion, the copies, the restriction or the prohibition of the processing of the personal パチスロ 本店 we retain. In addition, we inform the パチスロ 本店 subject of the vested rights in accordance with GDPR and other applicable legislation, in light of the characteristics of the personal パチスロ 本店 in question, when notifying the purposes of our personal パチスロ 本店 processing.
Please refer to the contact information in Section 9 below when パチスロ 本店 subjects intend to exercise the above-mentioned rights. If the パチスロ 本店 subjects are not satisfied with, or have any complaints on, our actions in response to his/her requests, they have the right to lodge a complaint with a supervisory authority.
7. About personal パチスロ 本店 of children
Where we process personal パチスロ 本店 of children below the age of 16 (where a Member State provides by law lower age, below such age), we properly collect and process the personal パチスロ 本店 in accordance with the applicable GDPR provisions by, among others, obtaining effective consent from the holder of parental responsibility over the child.
8. Amendments to this Policy
This policy does not constitute a contract between パチスロ 本店 subjects and us. Accordingly, we may amend this policy in order to comply with the applicable laws and regulations, or to adapt this policy to our business operations. All the amendments to this Policy become effective, without directly notifying to パチスロ 本店 subjects, upon posting the amended Policy on this website. When we make amendments we consider important, we inform such amendments to パチスロ 本店 subjects to the extent feasible on this website; we may request consents from パチスロ 本店 subjects as the case may be.
9. Contact information
For any questions or requests on this Policy, please contact either of the followings.
OUR JAPANESE HEADQUARTERS
For any queries, please contact privacyinquiry@mb.kyorin-pharm.パチスロ 本店jp, via phone at 81-3-6374-9726, or via regular mail at Kyorin Pharmaceutical パチスロ 本店., Ltd, Attn: Legal and Corporate Compliance, 1-3-7, Otemachi, Chiyoda-ku, Tokyo, 100-0004, Japan.
パチスロ 本店 PROTECTION OFFICER
We have appointed Huette Rechtsanwälte Partnerschaft mbB to act as our パチスロ 本店 Protection Officer. For any queries, please contact kyorin-dpo@huette-legal.com, via phone at +49 69 24 75 612 10, or via regular mail at Huette Rechtsanwälte Partnerschaft mbB, Bethmannstraße 8, 60311 Frankfurt am Main, Germany.
EU REPRESENTATIVE
As we are based outside of the EU, Article 27 required that we appoint an EU representative to handle certain パチスロ 本店 subject requests and queries. In compliance with this, we have appointed パチスロ 本店 Protection Representative Limited, d.b.a. DataRep, to act as our representative. Any queries requiring the input of our representative, should please be directed as follows:
- sending an email to DataRep at datarequest@datarep.com quoting <KYORIN Pharmaceuticals パチスロ 本店., Ltd.> in the subject line,
- contacting on DataRep’s online webform at www.datarep.com/パチスロ 本店-request, or
- mailing your inquiry to DataRep at the most convenient of the addresses (refer here(DataRep, PDF/140KB)).
PLEASE NOTE: when mailing inquiries, it is ESSENTIAL that you mark your letters for ‘DataRep’ and not ‘KYORIN Pharmaceuticals パチスロ 本店., Ltd.’, or your inquiry may not reach DataRep. Please refer clearly to KYORIN Pharmaceuticals パチスロ 本店., Ltd. in your correspondence. On receiving your correspondence, we request evidence of your identity, to ensure your personal data and information connected with it is not provided to anyone other than you. If you have any concerns over how DataRep will handle the personal data, please refer to its privacy notice at www.datarep.com/privacy-policy.