Privacy Policy

Nippon Sanso Holdings Corporation recognizes the importance of protecting personal information and our social responsibilities as a business operator handling personal information and handles personal information based on the following policy in order to properly protect personal information on our shareholders, business partners, officers and employees, etc.

1. We comply with the Act on the Protection of Personal Information and related laws and regulations in Japan and engage in the appropriate acquisition, use and provision of personal information in accordance with the below disclosed Handling of Personal Information and internal regulations, etc.
2. We strive to prevent personal information we handle from being leaked, lost, or damaged by taking necessary and proper security measures, and we take necessary corrective measures in the event that an incident occurs.
3. We clearly prescribe rules on the handling of personal information in internal regulations and thoroughly familiarize officers and employees with such rules. Moreover, when providing personal information to contractors we manage and supervise contractors to ensure they handle personal information properly.
4. A designated office accepts and appropriately responds to complaints, consultations and requests from individuals concerned for disclosure, amendment, suspension of use, etc. of personal information we retain.

 

Enacted: April 1, 2022
Nippon Sanso Holdings Corporation
President CEO: Toshihiko Hamada

Handling of Personal Information

1 Purpose of Using Personal Information

(1) Personal information provided to the Company will be used as follows in our industrial gases and other businesses.

• (i) Personal information provided by business partners will be used:
  ・to build and maintain smooth business relationships and perform and manage transactions with partners;
  ・to send surveys or catalogues to partners;
  ・to keep records of and internally share details of meetings with partners; and
  ・to secure and ensure safety and hygiene of our facilities and equipment.
• (ii) Surveys, browsing histories, purchase histories, and other information acquired from business partners will be analyzed and used to introduce and propose products and services, such as to sell products, to provide after-sale services including product repairs and inspections, or to send product catalogues.
• (iii) Personal information provided by our shareholders will be used:
  ・to respond to various inquiries, requests, demands, etc. (including accumulating information such as inquiry records to improve our response);
  ・to provide information to and contact our shareholders; and
  ・to conduct our shareholder management and other stock-related operations.
• (iv)Personal information provided by job applicants, internship applicants, and former employees will be used to provide information to and contact them.
• (v)Personal information provided to the Company will be used for the purposes of use permitted by the Personal Information Protection Act and other laws and regulations.

(2) Personal information provided to the Company will be otherwise used if the Company informs the data subject or publicly announces that it will use the information for a special purpose.

2 Security Control Measures

The Company has taken the following measures for the appropriate management of personal information, etc. including measures to prevent its leakage, loss, or damage.

(1) Establishment of basic policy on handling personal information

This document is prepared to ensure the proper handling of personal information, etc. and to inform about the point of contact for receiving questions and complaints.

(2) Preparation of rules on handling personal information, etc.

• (i) A handling method is stated for each step of acquisition, use, storage, provision, deletion, and disposal of personal information, etc.
• (ii) Personal information handling rules are established to prescribe the persons responsible and their duties related to handling of persona information, etc.

(3) Organizational security control measures

• (i) A responsible person is assigned for the handling of personal information, etc. (personal information protection manager).
• (ii) A reporting line to a personal information control manager is prepared in the case of becoming aware of an actual or potential breach of a law or internal rule.
• (iii) Status of handling of personal information, etc. in a business unit is regularly examined by the business unit itself and audited by other business units.

(4) Personnel security control measures

Regular training is provided to officers and employees on matters to be noted in handling personal information, etc.

(5) Physical security control measures

• (i) Measures are taken to prevent theft or loss of devices, electronic media, documents, and the like that contain personal information, etc.
• (ii) Measures are taken so that personal information, etc. is not easily detected during a device, electronic medium, or the like containing personal information, etc. is carried inside or outside of a business place.

(6) Technical security control measures

• (i) The scope of staff who may access personal information, etc. is limited by implementing access control.
• (ii) A mechanism is introduced to protect the information system processing personal information, etc. from unauthorized access or malware from outside.
　

3 Provisions to Third Parties, Etc.

(1) Provision to third parties

In addition to (2) and (3) below, personal information, etc. provided to the Company will not be provided to a third party except in the following cases.

　
• (i) Cases in which prior consent is given
• (ii) Cases in which the Personal Information Protection Act or any other law or regulation permits

(2) Provision to contractors

Personal information, etc. may be disclosed or provided to our contractors to the extent necessary to achieve the purpose of use. For example, we may outsource the delivery of goods with delivery companies, we may outsource the organization of a campaign with information processing companies, and we may further subcontract part of contracted work with other companies. In those cases, we conclude a confidentiality agreement with the contractor and conduct rigorous management and supervision over each contractor so that personal information, etc. is appropriately managed.

(3) Joint use

Personal information may be jointly used by the Company and other companies of the Nippon Sanso Holdings Group (*) within the scope of the purpose of use stated in the “Purpose of Use of Personal Information” in order for those companies to provide comprehensive services.

Items of personal information to be jointly used are “name, contact information (address, telephone number, email address, and the like), affiliation, product delivery history, repair history, training record, details of inquiries, details of requests, and details of demands.” If any other item of personal information is jointly used, we will separately inform the data subjects or publicly announce to that effect.

The Company (Address: 1-3-26, Koyama, Shinagawa-ku, Tokyo, 142-0062 Nippon Sanso Holdings Corporation; Representative: Toshihiko Hamada) is responsible for the management of personal information that is jointly used.
(*) Companies of Nippon Sanso Holdings Group is defined as domestic and foreign affiliated companies of Nippon Sanso Holdings Corporation.

4 Request for Disclosure, Etc. of Personal Data Retained by the Company

Requests for notification of purpose of use, disclosure, correction, addition, deletion, cessation of use, erasure, cessation of third party provision, and other demands on personal information retained by the Company (“disclosure, etc.”) must be made in accordance with the procedures below. It must be noted in advance that personal information subject to a request is limited to the retained personal data that the Company has authorization to disclose, etc. and records of third party provision on transfer of personal data.

(1) Method to request disclosure, etc.

The necessary documents stated in (i) through (iv) below must be sent to the Company by post to make a request for disclosure, etc.

• (i) Request form for disclosure, etc.
  The “Request Form for Disclosure, Etc.” must be downloaded and filled out with the necessary particulars.
• (ii) Identity confirmation document
  One of the following documents (with name, address, and birthdate) must be submitted to confirm the data subject.
  
  • Copy of your driver's license
  • Copy of your passport
  • Copy of health insurance certificate
  • Copy of individual number card (front side only)
  • Copy of alien registration certificate
  • Copy of residence card
  • Copy of special permanent resident certificate
  • Copy of physically disabled certificate
  • Residence certificate (issued within the past three months)
  • Transcript or abridged transcript of family register (issued within the past three months)
• (iii) Identity confirmation document for an agent
  All of the following documents must be submitted in the case of a request by an agent.
  
  • One of the identity confirmation documents of the data subject stated in (ii)
  • One of the documents stated in (ii) as the agent’s identity confirmation document
  • Power of attorney by the data subject ( if the agent is a person with parental authority or any other legal representative, a transcript or abridged version of family register issued within the past three months or registration certificate of guardian of adult that shows the relationship to the data subject, in substitute for a power of attorney)
• (iv) Fees
  Postage stamps or a postal money order equivalent to 1,000 yen (including consumption tax) must be enclosed as the fee for each request for notification of the purpose of use or disclosure.

(2) The Company may not take action to requests for disclosure, etc. in the following cases.

• (i) Cases in which there is a possibility of harming the life, body, or fortune of the data subject or a third party
• (ii) Cases in which there is a possibility of encouraging or inducing an illegal or unjust act
• (iii) Cases in which there is a possibility of undermining national security, destroying a trusted relationship with a foreign country or international organization, or causing disadvantage in negotiations with a foreign country or international organization
• (iv) Cases in which there is a possibility of interfering seriously with the proper business operation of the Company
• (v) Cases of violating a law or regulation
• (vi) Cases in which there is a possibility of hindering the maintenance of public safety and order such as the prevention, suppression, or investigation of a crime

(3) Notification of outcome

Disclosure, etc. will be provided to the extent that we can confirm the personal information of the data subject based on the request form for disclosure, etc. and identity confirmation documents. The results of the request for disclosure, etc. (if disclosure, etc. is not possible or disclosure by means requested by the data subject is not possible, to that effect) will be sent to the address of the data subject or his or her agent stated in the identity confirmation document. The period of time required for sending the notification of outcome is approximately 10 business days.

(4) Others

After receiving a request form for disclosure, etc., the Company collates the records on the data subject and may confirm the identity of the data subject via email, telephone, and the like.
The Company will use the personal information stated in a request form for disclosure, etc. and the identity confirmation documents to the extent necessary to provide the relevant disclosure, etc.
Be advised that submitted documents will not be returned.

(5) Address to send documents

Postal code: 142-0062
Address: 1-3-26, Koyama, Shinagawa-ku, Tokyo
Nippon Sanso Holdings Corporation
Personal Information Protection Consultation Desk

5 Inquiries

Inquiries, complaints, and consultations on handling of the personal information, pseudonymously processed information, and anonymously processed information must be made to the following contact point: