Privacy Policy

In our business dealings, CMC Corporation handles various kinds of information. In consideration of our obligations to society, we have established this Privacy Policy and a robust confidentiality system.

■ 1. Introduction

CMC Corporation (hereafter, "we", "us", "CMC", "the Company", etc.) is keenly aware of the importance of the personal information of customers and other individuals, and, accordingly, has put in place the following policy for handling such information.

■ 2. Scope of Applicability

This Privacy Policy applies when personal information is provided to us and/or when our products and services are used.

■ 3. Privacy Policy: Fundamental Principles

  1. The Company will comply with Japanese laws and regulations regarding the protection of personal information, as well as other policies and guidelines established by government bodies, and our own corporate codes of conduct.
  2. We will assign a Data Controller to be responsible for ensuring personal information is properly safeguarded as part of a clearly defined personal information protection framework. In addition, we will ensure that all employees are familiar with company standards for safeguarding personal information.
  3. We will handle personal information within the scope clearly indicated to the individual to whom the personal information pertains. Personal information we receive will not be disclosed to third parties, except in cases where the consent of the individual has been obtained, or when there is a legitimate reason, such as being required by law.
  4. We will put in place appropriate safety measures to prevent leaks, unauthorized access, loss, damage, tampering, or destruction of personal information, and will take corrective action as necessary.
  5. We will provide employees with ongoing information security training, including training on protection of personal information.
  6. We will respond appropriately to inquiries, complaints, consultations, and requests for disclosure from individuals in relation to their personal information in accordance with laws and regulations.
  7. Based on the above framework for protecting personal information, CMC will maintain and continuously improve an Information Security Management System (ISMS) that is based on the standards stipulated in ISO/IEC27001.

■ 4. What Do We Use Personal Information for and How Is It Handled?

All personal information that is currently in our possession or that will be acquired in the future, will be acquired and handled within the scope required to achieve the objectives of the following activities.

Applicable parties Applicable activities
Users of products and services
  1. Promotion of company business

    ■ Our business domains:

    1. 1)Technical information
    2. 2)Personnel development
    3. 3)Process improvement
    4. 4)Marketing strategy
  2. Collection, provision, and exchange of information pertaining to company business and products/services
  3. Conducting, analyzing, and handling market research (surveys, etc.), marketing, sales promotions, sales activities, sending materials
  4. Planning, execution, and wrap-up of exhibitions, events, and training sessions
  5. Establishing and improving operation processes
  6. Responding to questions, inquiries, and requests; meetings
  7. Exchanging information on the above with other CMC Group companies; conducting internal training

Employees of business counterparts
  1. Communications related to the conducting of business operations
  2. Accounting of business expenses
  3. Communications related to the provision of information pertaining to our business, products, and services
  4. Sending greeting cards, thank-you letters, and other announcements
Parties involved in investor relations
  1. Provision and exchange of information with shareholders and investors
Job applicants
  1. Communications pertaining to job applications, introductory briefings, recruiting schedule
  2. Communications pertaining to the screening/evaluation of prospective candidates and results of interviews
  3. Information about company onboarding procedures

Note: In some cases, personal information we handle may be obtained via recruiting companies.

Employees
(senior management)
  1. Communications related to the conducting of business operations
  2. Administration, personnel, and other labor-related matters (welfare and benefits, insurance procedures, salary payments, attendance management, occupational health and safety (including health management), etc.)
  3. Emergency communications
  4. Internal communications (information exchange, sharing facial data, company newsletters and other information sharing mediums, etc.)
  5. Communication with external parties (correspondence with external organizations and individuals, sharing facial data, job sites and other job search environments, work performance status, etc.)
People with personal relationships to employees
  1. Emergency communications
  2. Fidelity guarantees of employees
Retired employees
  1. Legally obligated administrative matters pertaining to retired employees

Note: Personal information obtained from subcontractors and other third-parties will be used within the scope covered by the subcontracting agreement.

■ 5. Handling of Personal Information in Cases Other Than for the Intended Purpose

In cases where personal information will be used for purposes other than those specified in this Privacy Policy, where necessary, a Privacy Policy that addresses the intended purpose of use will be formulated, communicated to the individual concerned, and disclosed to the public before the personal information is acquired and any action taken with it.

■ 6. What Personal Data Do We Collect?

Personal information collected:

The Company may collect the following personal information depending on the purpose it is to be used for. All information will be acquired and handled by fair and appropriate methods based on this Privacy Policy.

Basic information Name
Personal information pertaining to business-to-business (BtoB) operations
  1. Workplace contact details (organization name, department, address, telephone number, fax number, email address, SNS, and other ID information)
  2. Information pertaining to accounting processing of business expenses (bank account information, etc.)
  3. Information pertaining to individuals' work duties, relevant products and services
  4. If required for business purposes: Photos, career history, qualifications and other evidence of competence
  5. If required for overseas visitors: Passport number, visa information
Personal information pertaining to business-to-consumer (BtoC) operations
  1. Home address and other contact details (address, telephone number, fax number, email address, SNS, and other ID information)
  2. Information pertaining to accounting processing of business expenses (bank account information, etc.)
  3. Information pertaining to individuals' work duties, relevant products and services
  4. If required for business purposes: Passport photos, career history, qualifications and other evidence of competence
  5. If required for overseas visitors: Passport number, visa information
Personal information of job applicants
  1. Job applicant's resume (date of birth, home address, sex/gender, telephone number, email address, education and training, employment history, qualifications, references, etc.)
  2. Facial and other physical appearance image data, audio data (e.g., data for employee identification cards, audio/video recordings of online conference services and security cameras)
  3. Information required for processing transportation, accommodation expenses, etc. (bank account information, etc.)
Personal information of permanent/
contract employees

The following information may be collected on permanent/contract employees:

  1. Resume/CV information (date of birth, home address, sex/gender, telephone number, email address, education and training, employment history, qualifications, references, etc.)
  2. Accounting-related information (bank account information for payment of salaries, etc.)
  3. Information pertaining to administration, personnel, training, and other labor-related matters (welfare and benefits, salary payments, attendance management, occupational health and safety (including health management), etc.)
  4. Family and accounting-related information required for administration of legally obligated welfare benefits
  5. Emergency contact information (for use in the event of a major disaster, sudden illness, etc.)
  6. My Number, passport number, visa information
  7. Information on third parties required for fidelity guarantees
  8. Information on work duties, products, or services in which the individual in question will be involved or that will be relevant to the individual
  9. Facial and other physical appearance image data, audio data (e.g., for employee identification cards, audio/video recordings of online conference services and security cameras)
Personal information of independent contract workers/
temporary agency staff

The following information may be collected about independent contract workers and temporary agency staff:

  1. Resume/CV information (date of birth, home address, sex/gender, telephone number, email address, education and training, employment history, qualifications, references, etc.)
  2. Information pertaining to administration, personnel, training, and other labor-related matters (welfare and benefits, salary payments, attendance management, occupational health and safety (including health management), etc.)
  3. Facial and other physical appearance image data, audio data (e.g., data for employee identification cards, audio/video recordings of online conference services and security cameras)
  4. Emergency contact information (for use in the event of a major disaster, sudden illness, etc.)
  5. Information on work duties, products, or services in which the individual in question will be involved or that will be relevant to the individual
ICT-related information
  1. Cookies, IP addresses, web beacons, tracking tags, mobile device identifiers, identifiers such as SNS and service IDs, access information, usage information, behavior logs

Sensitive personal information:
Except in cases where we have obtained the consent of the individual concerned or where required by law, CMC will not acquire or make use of sensitive personal information (information such as race, political beliefs, social status, medical history, criminal history, the fact that one has been a victim of crime, or other information that may be used in a way that may cause unjust discrimination, prejudice, or other disadvantage to the individual concerned).

■ 7. Can I Choose Not to Provide My Personal Information?

In principle, when customers and other individuals provide their personal information to us, it is done voluntarily. However, if an individual chooses not to provide us with any part of their personal information, the said individual may be unable to use some or all of the products and services we offer.

■ 8. Supervision of Subcontractors

In order to use the received information for its intended purpose, there may be cases in which we provide an individual's personal information to a third party. In such cases, third parties to whom the information will be provided will be carefully screened and evaluated before being selected. We will conclude a confidentiality agreement with the third party and conduct the necessary oversight.

■ 9. Who Do We Share Personal Information With?

1. The Company may share personal information we receive with other CMC Group companies.

Other users with whom information may be shared
Purposes of use by other users

The same purposes as "4. What Do We Use Personal Information for and How Is It Handled?" above.

Items of personal information that may be shared

Among the items in "6. What Personal Data Do We Collect?": Business card information (contact details such as name, organization, telephone number, email address), information on our products and services, personal information required in the completion of the usage objectives, information registered on ICT services for sharing information with CMC Group companies, information on work duties, ICT-related information

Personal information collected:
The Company may collect the following personal information depending on the purpose it is to be used for. All information will be acquired and handled by fair and appropriate methods based on this Privacy Policy.

Basic information Name
Personal information pertaining to business-to-business (BtoB) operations
  1. Workplace contact details (organization name, department, address, telephone number, fax number, email address, SNS, and other ID information)
  2. Information pertaining to accounting processing of business expenses (bank account information, etc.)
  3. Information pertaining to individuals' work duties, relevant products and services
  4. If required for business purposes: Photos, career history, qualifications and other evidence of competence
  5. If required for overseas visitors: Passport number, visa information
Personal information pertaining to business-to-consumer (BtoC) operations
  1. Home address and other contact details (address, telephone number, fax number, email address, SNS, and other ID information)
  2. Information pertaining to accounting processing of business expenses (bank account information, etc.)
  3. Information pertaining to individuals' work duties, relevant products and services
  4. If required for business purposes: Photos, career history, qualifications and other evidence of competence
  5. If required for overseas visitors: Passport number, visa information
Personal information of job applicants
  1. Job applicant's resume (date of birth, home address, sex/gender, telephone number, email address, education and training, employment history, qualifications, references, etc.)
  2. Facial and other physical appearance image data, audio data (e.g., data for employee identification cards, audio/video recordings of online conference services and security cameras)
  3. Information required for processing transportation, accommodation expenses, etc. (bank account information, etc.)
Personal information of permanent/
contract employees

The following information may be collected on permanent/contract employees:

  1. Resume/CV information (date of birth, home address, sex/gender, telephone number, email address, education and training, employment history, qualifications, references, etc.)
  2. Accounting-related information (bank account information for payment of salaries, etc.)
  3. Information pertaining to administration, personnel, training, and other labor-related matters (welfare and benefits, salary payments, attendance management, occupational health and safety (including health management), etc.)
  4. Family and accounting-related information required for administration of legally obligated welfare benefits
  5. Emergency contact information (for use in the event of a major disaster, sudden illness, etc.)
  6. My Number, passport number, visa information
  7. Facial and other physical appearance image data, audio data (e.g., for employee identification cards, audio/video recordings of online conference services and security cameras)
  8. Information on third parties required for fidelity guarantees
  9. Information on work duties, products, or services in which the individual in question will be involved or that will be relevant to the individual
Personal information of independent contract workers/
temporary agency staff

The following information may be collected about independent contract workers and temporary agency staff:

  1. Resume/CV information (date of birth, home address, sex/gender, telephone number, email address, education and training, employment history, qualifications, references, etc.)
  2. Information pertaining to administration, personnel, training, and other labor-related matters (payment of expenses, attendance management, occupational health and safety (including health management), etc.)
  3. Facial and other physical appearance image data, audio data (e.g., data for employee identification cards, audio/video recordings of online conference services and security cameras)
  4. Emergency contact information (for use in the event of a major disaster, sudden illness, etc.)
  5. Information on work duties, products, or services in which the individual in question will be involved or that will be relevant to the individual
ICT-related information
  • Cookies, IP addresses, web beacons, tracking tags, mobile device identifiers, identifiers such as SNS and service IDs, access information, usage information, behavior logs

Sensitive personal information:
Except in cases where we have obtained the consent of the individual concerned or where required by law, CMC will not acquire or make use of sensitive personal information (information such as race, political beliefs, social status, medical history, criminal history, the fact that one has been a victim of crime, or other information that may be used in a way that may cause unjust discrimination, prejudice, or other disadvantage to the individual concerned).

Data controller at organizations with which information is shared

The data controller at each company in question

How personal information will be shared

In writing, via ICT services (email, websites, SNS, etc.), verbally

2. In the event that personal information is to be shared with parties other than CMC Group companies, the following matters will be clarified, communicated, or disclosed as applicable.

Matters to be clarified, communicated, or disclosed in the case of information sharing:

  1. Users with whom information will be shared
  2. Purpose of sharing information
  3. Items of personal information that will be shared
  4. Data controller at the organizations with whom the information is shared
  5. How personal information will be shared

■ 10. Provision to Third Parties

Personal information CMC receives will not be shared with third parties without the consent of the individual concerned, although personal information may be shared in the cases outlined below. Further, the provision of personal information to subcontractors or other users is not considered to be provision to a third party as stipulated in this section.

  1. When the consent of the individual concerned has been obtained
  2. When legally obligated to do so
  3. When it is necessary for the protection of the life, safety, or property of an individual and the consent of the individual concerned cannot easily be obtained
  4. When it is necessary to cooperate with a national agency or local government body, or with an entity commissioned by one of these bodies, in order to fulfill legal obligations, and when obtaining the consent of the individual concerned may impede the fulfillment of the relevant obligations
  5. When providing or disclosing statistical data that has been anonymized (i.e., data in which specific individuals cannot be identified)
  6. When personal information is provided in connection with a business succession due to a merger, corporate split, or other transfer of business

■ 11. Are There Any International Transfers of Personal Data?

Should we need to provide personal information to third parties outside of Japan (including subcontractors and other users), we will take the necessary action to ensure we are in compliance with all relevant laws and regulations.

■ 12. Use of Anonymized Data

We may create anonymized data (i.e., data in which specific individuals cannot be identified) based on the personal information we collect. After verifying that specific individuals cannot be identified in the anonymized data, it may be provided to third parties or used without restriction in our business operations.

■ 13. Requests to Customers Under 16 Years Old

If you are under the age of 16, please obtain permission from your parents or guardian before providing us with personal information.

■ 14. How Are Inquiries and Requests Regarding Personal Information Handled?

  1. When, at the request of the individual concerned, CMC discloses, modifies, adds to, discontinues the use of, deletes, or erases personal information provided to us, or when responding to opinions, inquiries, complaints, or consultations about our handling of personal information, we will do so in an appropriate manner that is in accordance with laws and regulations.
  2. Nevertheless, where there may be a significant impediment to the normal operation of our business or a risk that laws or regulations may be violated, the Company may be unable to comply with some requests.

■ 15. How Do I Inquire About the Handling of Personal Information and Who Do I Contact?

■ Inquiries about personal information

For inquiries about personal information, please contact us using the details below:

Inquiries about personal information:
CMC Corporation
Administration Division
1-1-19 Heiwa, Naka-ku, Nagoya, Aichi

We will use any personal information provided to us in connection with your inquiry solely for the purpose of responding to the inquiry. Please be advised that by submitting your inquiry you agree to the conditions detailed above. Please refer to our Privacy Policy for details on the handling of personal information.

■ How to send information

Any necessary documents should be sent by mail.

■ Identity verification

When CMC receives an inquiry about personal information in our possession, we will need to verify the identity of the person making the inquiry. Please send the following materials to us by mail when making an inquiry.

  • Identification documents
    Copies of two (2) of the following documents: driver's license, health insurance card, passport, pension book

■ 17. Other Privacy Policies

In addition to this"Privacy Policy", the following privacy policies will be formulated. The privacy policies for the websites and applications of individual products, services, and businesses will be stipulated in the terms of use of the relevant websites and applications.

■ 18. Changes to This Privacy Policy

The Company reserves the right to make changes to our Privacy Policy. Any changes will be posted on our website. Please check the website for the latest version of our Privacy Policy.

■ 19. Continuous Improvement

In accordance with the above policy, CMC maintains an Information Security Management System (ISMS), a framework for safeguarding personal information based on the standards of the ISO/IEC 27001. To stay on top of changes in personal information and the way it is handled, as well as other changes in the business landscape, we continue to improve the framework by conducting periodic training and internal audits.

代表取締役社長 佐々 幸恭

Yukiyasu Sasa

President and CEO
CMC Corporation

Established April 1, 2005
Updated October 16, 2015

For enquiries about the above policy, please contact:

CMC Corporation
CMC Corporation
Administration Division
1-1-19 Heiwa, Naka-ku, Nagoya, Aichi
Tel: 052-322-3355
Email: privacy@cmc.co.jp

We will use any personal information provided to us in connection with your inquiry solely for the purpose of responding to the inquiry. Please be advised that by submitting your inquiry you agree to the conditions detailed above. Please refer to our Privacy Policy for details on the handling of personal information.

Note:

・This Privacy Policy describes how we collect and process personal information in Japan. Please be aware that laws and regulations pertaining to the protection of personal information in other countries may not be addressed by this policy.

・The English translation of this Privacy Policy has been prepared solely for reference purposes.

・No warranties or assurances are given regarding the accuracy or completeness of the English translation of this policy.

・In the event of any discrepancy between this translation and the Japanese original, the original shall prevail.

・Please refer to the Japanese website here for the original version.