PRIVACY POLICY

1. About this Policy

This Policy applies to the processing of your personal data by Shimadzu Corporation (the “Company,” “we,” “our,” or “us”).

2. Definitions

In this Policy:

(a)   “Personal Data” means any information relating to an identified or identifiable natural person;
(b)   “Process/Processing” means any activity or operation that is carried out in respect of Personal Data, such as collecting, storing, using, transferring, or deleting it; and
(c)   “You” or “your” means an identified or identifiable natural person by Personal Data, including our or our subsidiary’s customers, employees, cooperating companies or people in charge therein, shareholders, and investors.

3. How We Collect Your Personal Data

We may collect information that you provide to us, whether by means of a form on our website, by email, in a letter, or otherwise, such as your name, address, email address, telephone number, fax number, workplace information, division and department, title, position, name of your contact group or organization, technical rank, password, details of your inquiry, information on whether we can send you direct mail, etc., products or fields in which you are interested, campaign codes, consent to acquisition or use of cookies, feedback to our website, etc.

We also may receive from our distributors and agents information, such as your name, address, email address, telephone number, workplace information, division and department, name of your contact group or organization, commercial negotiation or transaction status, commercial negotiation or transaction history, details of your inquiry, information on whether we can send you direct mail, etc., history of your participation in exhibitions, seminars, etc., information on a device that you use, history of your access to our and our subsidiaries’ websites, etc.

When you visit our website, we may automatically collect the materials that you access, your download history, traffic data, location information, log, language information, dates and frequency of access, other communication information (including IP address, operating system, host domain, and type of browser), information on your computer and internet connection, and URLs of reference sources (“Communication Information”).

If you are our or our subsidiary’s employee, we may collect your name, email address, user ID, photo, address, telephone number, fax number, workplace information, division and department, schedule, attendance status, passport information, signature, etc. (“Employee Information”), as well as your login history, history of sending and receiving emails, certification log, email archive, history of use of Office 365, if you use Office 365 (email, SharePoint, Teams, Forms, etc.) (“System Information”).

4. Purposes of Processing Personal Data

We use the Personal Data that we hold about you for the purposes set forth below. We will use your Personal Data only to the extent that it is necessary to do so to fulfill these purposes:

(a)   to address your request or perform an agreement with you;
(b)   to contact you (including to address your inquiry);
(c)   to confirm the location where a device is installed, etc.;
(d)   to announce our and our subsidiaries’ exhibitions, seminars, products, services, etc.;
(e)   to conduct market research and develop new products and/or new services;
(f)   to manage the device maintenance history;
(g)   to collect quality information and provide feedback for development and/or manufacturing, etc.;
(h)   to improve our website;
(i)   to analyze your behaviors;
(j)   to share transaction information within the Company and our subsidiaries;
(k)   to ensure the security of our website;
(l)   to issue a notice of a change in our services or website;
(m)   for our employees to use Office 365 (email, SharePoint, Teams, Forms, etc.);
(n)   to manage personnel and labor matters for our employees (provision of trainings, acquisition of visas, participation in meetings, etc.);
(o)   to hold and record meetings with shareholders and investors;
(p)   to comply with any laws and regulations applicable to us;
(q)   to cooperate with relevant governmental authorities and agencies, including competent data protection authorities and those that are engaged in administrative or criminal investigations; and
(r)   to establish, exercise or defend legal claims.

5. Disclosure of Personal Data to Recipients and Joint Use of Personal Data

We may share your Personal Data with the following categories of recipients:

(a)   Subsidiaries: We may disclose your Personal Data to our subsidiaries.
(b)   Employees: We may disclose your Persona Data to our employees who have the authority and necessity to access the Personal Data.
(c)   Service providers: We may disclose your Personal Data to service providers, such as IT service providers, consultants, etc.
(d)   Contractors, distributors, and agents: We may disclose your Personal Data to our contractors, distributors, and agents.
(e)   Business successors: We may disclose your Personal Data to persons which succeed to our business due to an organizational restructuring, business transfer, etc.

We may otherwise disclose your Personal Data to any third party other than those set forth above, including public agencies, if such disclosure is required to achieve the purposes for which you provided Personal Data to us or other purposes that we specify when obtaining consent or Personal Data from you, to the extent necessary to comply with any laws and regulations applicable to us, to cooperate with relevant governmental authorities and agencies, or to establish, exercise or defend legal claims.

Under Japanese law, we may use the joint use framework under the Act on the Protection of Personal Information to share with our subsidiaries (including those subsidiaries located outside Japan) and the relevant agent in charge of you, your name, address, email address, telephone number, signature, name of your contact group or organization, commercial negotiation or transaction history, details of your inquiry, information on whether we can send you direct mail, etc., history of your participation in exhibitions, seminars, etc., information on a device that you use, history of your access to our and our subsidiaries’ websites, for the purposes referred to in Section 4(a) to (g) above.

In addition, if you are a cooperating company (including a vendor, a contractor of manufacturing, a contractor of service, a receiver of our orders for services, etc.) or a person in charge therein, we may share your name, address, email address, telephone number, name of your contact group or organization, and transaction history with our subsidiaries (including those subsidiaries located outside Japan) for the purpose referred to in Section 4(j) above.

If you are our employee, we may share your Employee Information and System Information with our subsidiaries (including those subsidiaries located outside Japan) for the purposes referred to in Section 4(a), (b), (d), (e), (g), (j), (m), (n), (p), (q), and (r) above.

In these cases, we will be the party responsible for the management of your Personal Data. Please refer to Section 10 below for our address and the name of our representative.
 

6. Provision of Your Personal Data Outside Japan

Your Personal Data may be provided to third parties outside Japan, such as our subsidiaries located outside Japan, etc. The names of the countries outside Japan (excluding those countries provided by the Enforcement Rules for the Act on the Protection of Personal Information as foreign countries which have systems to protect personal information that are found to be on the same level as those of Japan in protecting personal rights and interests) where third parties to which we may provide your Personal Data are located (excluding those third parties which have established systems meeting the standards provided by the Enforcement Rules for the Act on the Protection of Personal Information), and information regarding the legislation to protect personal information in these countries are as set forth below. The third parties to which we may provide your Personal Data take all measures corresponding to the 8 Principles under the OECD Privacy Guidelines.

United States of America (federal legislation): https://www.ppc.go.jp/files/pdf/USA_report.pdf

United Arab Emirates (federal legislation): https://www.ppc.go.jp/files/pdf/arab_report.pdf

India: https://www.ppc.go.jp/files/pdf/india_report.pdf​

Commonwealth of Australia: https://www.ppc.go.jp/files/pdf/australia_report.pdf

Canada: https://www.ppc.go.jp/files/pdf/canada_report.pdf​

Republic of Singapore: https://www.ppc.go.jp/files/pdf/singapore_report.pdf​

Swiss Confederation: https://www.ppc.go.jp/files/pdf/switzerland_report.pdf​

Republic of Korea: https://www.ppc.go.jp/files/pdf/korea_report.pdf

Taiwan: https://www.ppc.go.jp/files/pdf/taiwan_report.pdf

People’s Republic of China: https://www.ppc.go.jp/files/pdf/china_report.pdf

Republic of Turkey: https://www.ppc.go.jp/files/pdf/turkey_report.pdf​

Republic of Philippines: https://www.ppc.go.jp/files/pdf/philippin_report.pdf

Federative Republic of Brazil: https://www.ppc.go.jp/files/pdf/brazil_report.pdf

Socialist Republic of Viet Nam: https://www.ppc.go.jp/files/pdf/vietnam_report.pdf

Hong Kong: https://www.ppc.go.jp/files/pdf/hongkong_report.pdf​

Malaysia: https://www.ppc.go.jp/files/pdf/malaysia_report.pdf​

Russian Federation: https://www.ppc.go.jp/files/pdf/russia_report.pdf

Republic of South Africa: https://www.ppc.go.jp/files/pdf/south_africa_report.pdf

Oriental Republic of Uruguay: https://www.shimadzu.co.jp/sites/shimadzu.co.jp/files/attention/uruguay_report.pdf

Republic of North Macedonia: https://www.shimadzu.co.jp/sites/shimadzu.co.jp/files/attention/north_macedonia_report.pdf

Republic of Serbia: https://www.shimadzu.co.jp/sites/shimadzu.co.jp/files/attention/serbia_report.pdf

Bosnia and Herzegovina: https://www.shimadzu.co.jp/sites/shimadzu.co.jp/files/attention/bosnia_report.pdf

7. Storage Period for Personal Data

We will retain your Personal Data that we collect for the period necessary to Process such Personal Data. For example, your membership information regarding services on a members-only website will be retained until you cancel your membership, and your access log will be retained for 18 months. However, this does not apply if we are required by laws or regulations to retain your Personal Data for a longer period of time, in which case, we will retain it for the period required by laws or regulations.

8. Your Rights

You have a number of legal rights in relation to the Personal Data that we hold about you. These rights may vary depending on where you are located and which data protection laws apply to the relationship between you and us, but typically will include the following:

(a)   right to obtain information regarding Processing of your Personal Data and to access the Personal Data that we hold about you;
(b)   right to request that we rectify your Personal Data if it is inaccurate or incomplete;
(c)   right to request that we erase your Personal Data in certain circumstances;
(d)   right to request that we restrict our Processing of your Personal Data in certain circumstances;
(e)   right to object to our Processing of your Personal Data;
(f)   right to receive your Personal Data in a structured, commonly used, and machine-readable format and/or to request that we directly transmit such Personal Data to a recipient where this is technically feasible; and
(g)   right to withdraw your consent to our Processing of your Personal Data at any time.

You may exercise any of your rights by contacting us, using the information about us set forth in Section 10 below. You also may lodge a complaint with the data protection authority if you believe that any of your rights has been infringed by us.

9. Security Control Measures

We take necessary and appropriate measures to prevent any leakage, loss of, or damage to, your Personal Data to be Processed and to otherwise control the security of personal information, such as clarification of the person responsible for or the person in charge of Processing of Personal Data, regular self-inspection of the Processing status of Personal Data, establishment of a system to report leakage, etc., formulation of rules on Processing, regular training of employees regarding Processing of Personal Data, management of entries into and exits from facilities, prevention of theft or loss of equipment for Processing Personal Data, appropriate discarding of Personal Data, ensuring the security of the systems and devices used, and implementation of access controls, etc. We also exercise appropriate supervision over our contractors and employees who Process Personal Data, and if we handle personal information outside Japan, we will grasp the country’s legislation to protect personal information and take appropriate security control measures.

10. Contact Details

If you have any questions about this Policy, your rights, or any other matter relating to the protection of personal information, please contact us at the following address:

(a)   Address of head office: 1, Nishinokyo Kuwabara-cho, Nakagyo-ku, Kyoto-shi 604-8511
(b)   Name of representative: Yasunori Yamamoto
(c)   Responsible department: IT Strategy Unit, DX·IT Strategy Management Department, Shimadzu Corporation
(d)   Email address: mail
(e)   Telephone number: 075-823-1278
(f)   FAX: 075-823-2091

For Those in the EEA and the UK

This section applies to those in the European Economic Area (the “EEA”) and the UK. This section supplements our “Privacy Policy” (the “Policy”) and prevails over any conflicting provisions in the Policy.

1. Legal Basis

We Process your Personal Data on the legal basis set forth below.

(a)   Contract. Where the Processing of your Personal Data is necessary to perform a contract we enter into with you. For example, this includes where we provide you with information, products, and services that you request from us based on a contract that we enter into with you.
(b)   Legitimate interests. Where the Processing of your Personal Data is necessary for legitimate interests pursued by us or a third party, and your interests and fundamental rights do not override those interests. For example, this includes where we Process your Personal Data for the following purposes:
 
  • to show the contents of the website in the most effective manner for you or your computer;
  • to allow you to use the interactive functions of our services when you wish to do so;
  • to ensure the security of the website;
  • to provide you with technical support and to improve the relevant websites and services;
  • to provide you with information that you request to address your inquiry;
  • to announce a change in our services or website;
  • if you are an existing customer, to contact you to provide you with information regarding products and services that are similar to those products and services that were previously subject to sale or negotiations for sale (including contact by email and SMS); or
  • to disclose your Personal Data to a person which succeeds to our business due to a business transfer, merger, consolidation, change of control, transfer of material assets, restructuring, liquidation, or any other organizational restructuring.
You may obtain further details about legitimate interests by contacting us, using the information about us set forth in Section 10 of the Policy.
(c)   Consent. With your consent, we may Process your Personal Data to provide you with information regarding products or services in which you seem to be interested. If you do not allow us to use your Personal Data in such manner, you are requested to refuse to give us consent when we request your consent in a form used by us to collect your Personal Data, or to withdraw your consent by sending an email containing your request to mail. The withdrawal of your consent will not affect the lawfulness of Processing performed based on the consent before your withdrawal.
(d)   Legal obligation. Where the Processing of your Personal Data is required by law applicable to us, such as tax law.

2. Transfer of Personal Data Outside the EEA or the UK

Your Personal Data may be transferred to, and stored by, a third party outside the EEA or the UK. Where we transfer your Personal Data to a third party outside the EEA or the UK, we will ensure that:

(a)   the recipient destination has been found by the European Commission or has been designated by the government of the UK as ensuring an adequate level of protection for the rights and freedoms that you possess in respect of your Personal Data; or
(b)   the recipient enters into standard data protection clauses that have been approved by the European Commission, or other contracts for the transfer of Personal Data as required by data protection laws, with us.

You can obtain further details of the protection given to your Personal Data when it is transferred outside the EEA or the UK by contacting us, using the information about us set forth in Section 10 of the Policy.

3. Use of Cookies, etc.

For use of cookies, etc. in our website, please refer to our Cookie Policy.

4. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (in this section, “Google”). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the website. The information generated by the cookies about your use of the website will be transmitted to and stored by Google on servers in the United States.

Google will use this information on behalf of us as the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to us.

In the case where IP address anonymization is activated on this website, your IP address will be deleted within the EEA and the UK. In exceptional cases, the whole IP address may be transferred to a Google server in the United States and deleted there. The IP address anonymization is active on this website.

The IP address, that your browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this, you may not be able to use the full functionality of this website.

You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Add-on for your current web browser: https://tools.google.com/dlpage/gaoptout?hl=en .

5. Marketing Automation

This website uses services provided by the companies set forth below (in this section, individually referred to as a “Service Provider”).

The contents of each Service Provider’s services are listed in the tables below.

Each Service Provider uses cookies, which are text files placed on your computer, to help the website analyze how users use the website.

The information generated by the cookies about your use of the website will usually be transmitted to and stored on each Service Provider’s servers.

Each Service Provider will use this information on behalf of us as the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to us.

Furthermore, we use each Service Provider to store information that you input on forms on this website in cookies.

Marketo
Service contents Web analytics and marketing service
Service Provider Marketo Inc.
Country California, the United States
Server location in the United States
More information about privacy at Marketo https://documents.marketo.com/legal/privacy/
Opt out

You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this, you may not be able to use the full functionality of this website. You may further refuse the collection of information generated by the cookies about your use of the website and their transfer to and Processing by Marketo by way of setting a refusal cookie.

Please click on the “opt out” button below to refuse to the creation of a pseudonymous user profile.

[ Opt out ]

Please be aware that if you delete this refusal cookie or all cookies, we will also lose the information that you made use of your right to “opt out” from Marketo.
Silver Egg Technology (SET)
Service contents Recommendation service
Service Provider Silver Egg Technology Co., Ltd.
Country Osaka, Japan
Server location in Japan
More information about privacy at SET

https://www.silveregg.co.jp/privacy.html  (Japanese)

https://www.silveregg.co.jp/GDPR  (English)

Opt out

You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this, you may not be able to use the full functionality of this website. You may further refuse the collection of information generated by the cookies about your use of the website and their transfer to and Processing by SET by way of setting a refusal cookie.

Please click on the “opt out” button below to refuse to the creation of a pseudonymous user profile.

[ Opt out ]

Please be aware that if you delete this refusal cookie or all cookies, we will also lose the information that you made use of your right to “opt out” from SET.

6. Social Media Plug-ins

In our website, we use website elements from the social networks Facebook, Twitter, and YouTube. Providers of these plug-ins are the companies Meta Platforms, Inc., Twitter Inc., and Google Inc. (in this section, “Providers”). Web page elements include, among others, buttons (so-called “social plug-ins”) or integrated content from the Providers.

The operator of Facebook is Meta Platforms, Inc., 1 Hacker Way Menlo Park, California 940254, USA. For an overview of the Facebook webpage elements and their look, please go to: https://developers.facebook.com/docs/plugins .

The operator of Twitter is Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. For an overview of the Twitter webpage elements and their look, please go to: https://dev.twitter.com/web/overview .

The operator of and YouTube is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.

Your browser establishes a direct connection to the server of the respective Provider when you visit a page from our website that contains such a website element. The content of the website element is transmitted by the respective Provider directly to your browser and integrated into the website. By integrating the website elements, the Providers gain knowledge that your browser has accessed the corresponding page of our website, even if you do not have a profile with the respective Provider or are not logged in at the time. This information (including your IP address) is transmitted by your browser directly to a server of the respective Provider in the United States and stored there.

If you are logged into one of the services, the respective Provider can directly assign the visit to our website to your profile with this Provider.

We have no influence over the parameters of the data that the Providers lift out with the help of the website elements. For details on the purpose and extent of the data collection and the further Processing and use of the data by the Providers as well as your related rights and setting options for protecting your privacy, please refer to the privacy policy of the Provider:

Facebook: https://www.facebook.com/about/privacy/

Twitter: https://twitter.com/en/privacy

YouTube: https://policies.google.com/privacy?hl=en

You would need to log out of each Provider’s services if you want to prevent the Providers from directly associating the data collected through our website with your profile in that service. Finally, browser add-ons will completely prevent the loading of the website elements.

7. EU/UK Representative

You may contact our EU/UK representative using the contact details below.

EU representative
Name: Shimadzu Europa GmbH
Address: Albert-Hahn Str. 6-10, 47269 Duisburg, Germany

UK representative
Name: SHIMADZU UK Limited
Address: Unit 1A, Mill Court, Featherstone Road
Wolverton Mill South, Milton Keynes MK12 5RD, U.K.

For Those in California (Addendum for California Consumer Privacy Act)

Last Updated: 4/1/2022

If you are a California “consumer” within the meaning of the California Consumer Privacy Act of 2018 (the “CCPA”), this Addendum for California Consumer Privacy Act (this “CCPA Addendum”) applies to you. This CCPA Addendum supplements our “Privacy Policy” (the “Policy”) and prevails over any conflicting provisions in the Policy.

This CCPA Addendum uses certain terms that have the meanings given to them in the CCPA, including:

  • “Personal Information,” which means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
  • “Sell,” “selling,” “sale,” or “sold,” which means the selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s Personal Information by a business to another business or a third party for monetary or other valuable consideration.

1. Our Collection, Use, and Disclosure of Your Personal Information

A. Categories, Sources, and Purposes of Your Personal Information Collected or to Be Collected

The table below describes the categories of your Personal Information that we collect, or have collected during the 12-month period prior to the effective date of this CCPA Addendum.

Category of Personal Information Collected Example
Identifiers Name, address, email address, telephone number, fax number, user ID, passport information
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) Signature, password
Commercial information Commercial negotiation or transaction status, commercial negotiation or transaction history, details of your inquiry, information on whether we can send you direct mail, etc., history of your participation in exhibitions, seminars, etc., information on a device that you use, products or fields in which you are interested, campaign codes
Internet or other electronic network activity information Communication Information, System Information
Audio, electronic, visual, thermal, olfactory, or similar information Photo
Occupation or employment information Workplace information, division and department, title, position, name of your contact group or organization, technical rank, schedule, attendance status

Business or commercial purposes. The business or commercial purposes for which your Personal Information will be collected or used are as described in Section 4 of the Policy.

Categories of sources. The categories of sources from which your Personal Information was collected during the 12-month period prior to the effective date of this CCPA Addendum are as follows:

  • obtained directly from you;
  • obtained from our distributors and agents; or
  • obtained automatically through our website.

B. Sale and Disclosure of Your Personal Information

(A) Sale of Your Personal Information

We do not sell, and have not sold during the 12-month period prior to the effective date of this CCPA Addendum, your Personal Information, including the Personal Information of consumers under the age of 16.

(B) Disclosure of Your Personal Information for a Business Purpose

The table below describes: (i) the categories of your Personal Information that we have disclosed for our business purposes during the 12-month period prior to the effective date of this CCPA Addendum; and (ii) the categories of third parties to which we have disclosed such Personal Information for our business purposes during the 12-month period prior to the effective date of this CCPA Addendum.

Category of Personal Information Disclosed Example Third Parties to Which Personal Information Was Disclosed in the Last 12 Months
Identifiers Name, address, email address, telephone number, fax number, password, user ID, passport information Our subsidiaries, distributors, and service providers
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) Signature Our subsidiaries
Commercial information Commercial negotiation or transaction status, products or fields in which you are interested, details of your inquiry Our subsidiaries and service providers
Audio, electronic, visual, thermal, olfactory, or similar information Photo Our subsidiaries
Internet or other electronic network activity information Communication Information, System Information Our subsidiaries, distributors, and service providers
Occupation or employment information Workplace information, division and department, title, position, technical rank, schedule, attendance status Our subsidiaries, distributors, and service providers

2. Your Rights and Requests

If you are a California consumer, you have certain rights regarding your Personal Information, as described below:

I.   Access: You have the right to request, twice in a 12-month period, that we disclose to you the following information we have collected, used, and disclosed about you during the 12 months preceding your request:
(I)   The categories of Personal Information we collected about you;
(II)   The categories of sources from which we collected such Personal Information;
(III)   The business or commercial purposes for collecting your Personal Information;
(IV)   The categories of third parties with whom we disclosed such Personal Information; and
(V)   The specific pieces of Personal Information we have collected about you.
II.   Deletion: You have the right to request that we delete certain Personal Information we collected from you.

How to Submit a Request. To make an access or deletion request, please contact us using the information about us indicated in Section 10 of the Policy or the following toll-free number:

[ 1-877-225-1192 ]
*This is the telephone number for consumers in California only.

Verifying Requests. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your Personal Information or complying with your deletion request.

Upon receiving an access or deletion request from you, we first will verify your identity by requiring you to submit Personal Information you have provided us already (such as your name or e-mail address), and by matching the information you submitted with what we already have. If we are unable to verify your identity because you have not submitted this information, we may refuse your request.

If you use an authorized agent to make an access or deletion request on your behalf, we may require the agent to provide documents proving that you have given the agent signed permission to make the request. We also may require you to (1) verify your own identity directly with us, or (2) directly confirm with us that you provided the authorized agent permission to submit the request.

Additional Information. If you exercise any of your rights under the CCPA, you have the right not to receive discriminatory treatment from us. To the extent permitted by applicable laws and regulations, we may charge a reasonable fee to comply with your request.

3. Changes to this CCPA Addendum

We may change this CCPA Addendum from time to time. The date “Last Updated” at the top of this CCPA Addendum states when this CCPA Addendum was last updated. Any changes will become effective upon us posting the revised CCPA Addendum.

We will post a prominent notice on the site to notify you of any significant changes to this CCPA Addendum and indicate the date it was most recently updated.

4. Contact Details

If you have any questions or concerns regarding this CCPA Addendum or our privacy practices, please contact us using the information about us indicated in Section 10 of the Policy.

For Those in the Peoples’ Republic of China

This section applies to those in the Peoples’ Republic of China.

1. How We Handle Your Personal Information

We shall engage in handling such as personal information collection, retention, use, processing, transmission, provision, disclosure, and deletion.

2. Processing of Sensitive Personal Information

In the case of handling sensitive personal information, we shall implement measures required under the Personal Information Protection Law of the Peoples’ Republic of China (hereinafter in this Section, the “Law”) such as notifying you of the necessity of handling sensitive personal information, and effects on individuals’ rights and interests.

We shall handle Communication Information and System Information as sensitive personal information. The necessity for handling Communication Information and System Information, and effects on individual rights and interests, are as follows:

Communication Information

Necessity for handling
It is necessary for us to handle your Communication Information to announce products and services, etc. in line with your needs.

Effects on individuals’ rights and interests
Your Communication Information is managed under appropriate security control measures, and the possibility of it having effects on individuals’ rights and interests due to leakage, etc. is limited.

System Information

Necessity for handling
It is necessary for us to handle your System Information to enable the use of Office 365 (email, SharePoint, Teams, Forms, etc.) by employees.

Effects on individuals’ rights and interests
Your System Information is managed under appropriate security control measures, and the possibility of incidence of effects on individuals’ rights and interests due to leakage, etc. is limited.

3. Provision of Personal Information

In the case we provide your personal information to third parties other than the outsourcees to which the handling of personal information is outsourced by us, we shall implement measures required under the Law, such as notifying you of such third parties’ names, contact methods, handling purposes, handling methods, and categories of personal information.

In the case we provide your personal information to third parties outside China, we will implement measures required under the Law, such as notifying you of such third parties’ names, contact methods, handling methods, categories of personal information and the methods and procedures in which the rights set forth under the Law will be exercised against such third parties.

We shall provide your personal information to the following third parties outside China.

A.

Third parties’ names
Shimadzu Scientific Instruments, Inc., Shimadzu Scientific Instruments (TAIWAN) CO.,LTD., SAP Japan Co.,Ltd., Amazon Web Services Japan G.K.

How to contact third parties
Please contact us using our contact details stated in Section 10 of the Policy.

Purposes of third party handling
To announce our and our subsidiaries’ exhibitions, seminars, products, and services, etc., and to analyse your behavior.

Third party handling methods
In the manner stated in 1. above

Categories of Personal Information
Name, email address, workplace information, inquiry details, Communication Information

Manner and procedures, etc. to exercise the rights set forth by the Law against third parties
Please contact us using our contact details stated in Section 10 of the Policy.

B.

Third party name
Shimadzu Business Systems Corporation

How to contact third parties
Please contact us using our contact details stated in Section 10 of the Policy.

Purposes of third party handling
Log-in setting, operation and troubleshooting responses for systems used in transactions

Third party handling methods
In the manner stated in 1. above

Categories of Personal Information
Name, email address, telephone number, workplace information, division and department

Manner and procedures, etc. to exercise the rights set forth by the Law against a third party
Please contact us using our contact details stated in Section 10 of the Policy.

C.

Third party name
OneTrust, LLC

How to contact third parties
Please contact us using our contact details stated in Section 10 of the Policy.

Purposes of third party handling
Use of cookie consent management tool

Third party handling methods
In the manner stated in 1. above

Categories of Personal Information
Consent to acquisition or use of cookies, IP address and language information

Manner and procedures, etc. to exercise the rights set forth by the Law against a third party
Please contact us using our contact details stated in Section 10 of the Policy.