• HOME
  • Privacy Policy
  • Attachment regarding the application of the "Personal Information Protection Policy" in the EEA (European Economic Area) and the United Kingdom

Attachment regarding the application of the "Personal Information Protection Policy" in the EEA (European Economic Area) and the United Kingdom

Publication date: January 1, 2024

Last updated: January 1, 2024

This document describes the processing of personal information of individuals located or resident in the EEA (European Economic Area) and the United Kingdom of Great Britain and Northern Ireland (hereinafter referred to as "the United Kingdom") by each company in artience group, and the TOYO INK EUROPE SPECIALTY Applicable to the processing of personal data by CHEMICALS SAS, TOYO INK EUROPE FRANCE SAS, TOYO INK EUROPE NV, TOYO INK EUROPE UK LTD., TOYO INK EUROPE DEUTSCHLAND GmbH, UBA “TOYO INK EUROPE BALTICA”, TOYO INK HUNGARY KFT. This is an appendix regarding GDPR (EU General Data Protection Regulation) and UK GDPR (UK General Data Protection Regulation) (hereinafter collectively referred to as "GDPR").

The attachment is attached to our group's "Personal Information Protection Policy (Privacy Policy)" (hereinafter referred to as the "Policy") and contains laws and regulations regarding the protection of personal information that apply in a specific country or region. This policy has been established in order to comply with the above, and in the event of any discrepancies or inconsistencies between this policy and the attached sheet, the contents of the attached sheet will take precedence.

1. Legal basis for processing

Each company in our group processes the personal information of the individual for the purposes described in "II. Purpose of use of personal information" of this policy based on the following legal bases.

Please note that we may obtain consent from the individual regarding his or her personal information, but even in this case, the following ``(1) Purpose of use of personal information regarding customers and business partners'' and ``(2) Purpose of use of personal information for our group.'' ``(3) Purpose of use of personal information regarding our shareholders'' ``(4) Viewing our group site or inputting forms such as inquiry forms on our group site'' Except for the cases described in ``When obtaining the consent of the person in advance (GDPR Article 6, Paragraph 1 (a))'' in each section of ``Purposes of use of personal information about people who have entered information.'' The legal basis for the processing may be one of the following:

  • When processing is necessary for the pursuit of legitimate interests
  • If the processing is necessary for the performance of a contract;
  • If the processing is necessary for compliance with a legal obligation;

(1) Purpose of use of personal information about customers and business partners

  • When processing is necessary for the pursuit of legitimate interests (GDPR Article 6, Paragraph 1 (f)) (*)
    1. To provide various information, such as providing information on products, services, or support of our group or our business partners, and information on events such as exhibitions.
    2. To answer and respond to inquiries, and otherwise contact the individuals concerned, in the execution of the Group’s business
    3. To request surveys, questionnaires, etc. related to our group's various plans and businesses, to analyze the responses, and to contact you after the fact.
    4. To send or order delivery of products, samples, and catalogs, etc., and to install, repair, inspect and conduct after-sales service of machinery, devices and other products sold by the Group
    5. To send prizes, etc., to customers who have won them as a result of prize competitions, etc., conducted by the Group
    6. To act as an agent or intermediary with business partners
    7. To exercise rights or fulfill obligations under contracts or other laws other than EU, Member State or UK law.
    8. To create statistical data after anonymizing it so that individuals cannot be identified or identified (excluding those based on the consent of the individual below).
  • When processing is necessary for the performance of a contract (Article 6, Paragraph 1 (b) of the GDPR)

    Notwithstanding the above, among the purposes listed in "II. Purpose of use of personal information" of this policy, if processing is necessary for the performance of a contract to which the data subject is a party to the contract, or Prior to entering into an agreement, we rely on this basis if the processing is necessary to take steps at the request of the data subject.

  • Where the processing is necessary for compliance with a legal obligation (Article 6(1)(c) GDPR)
    1. To comply with legal obligations under EU, Member State and UK law.
  • When obtaining the consent of the person in advance (GDPR Article 6, Paragraph 1 (a))
    1. For the use of cookies and similar technologies other than those strictly necessary.
    2. When consent is required by law for direct marketing to the individual concerned.

(2) Purpose of use of personal information of persons who wish to join the Group

  • When processing is necessary for the pursuit of legitimate interests (GDPR Article 6, Paragraph 1 (f)) (*)
    1. To consider and decide on employment conditions, consider and decide on acceptance or rejection, confirm application history, investigate applicant's work history and background, and carry out other procedures necessary for recruitment selection.
    2. To provide information on necessary matters relating to joining the Company after a hiring decision has been made, and to carry out other necessary procedures
    3. To provide information on employment with the Group, and other transaction opportunities and events
    4. To utilize for the Group’s future recruitment activities (including consideration of recruitment plans)
    5. To improve the content of the Group’s website for prospective employees and to improve other recruitment activities
    6. To create statistical materials, etc. that have been anonymized so that individuals cannot be identified or identified (excluding those based on the consent of the individual below).
  • When obtaining the consent of the person in advance (GDPR Article 6, Paragraph 1 (a))
    1. For the use of cookies and similar technologies other than those strictly necessary.

(3) Purpose of use of personal information of the Company’s shareholders

  • When processing is necessary for the pursuit of legitimate interests (GDPR Article 6, Paragraph 1 (f)) (*)
    1. To exercise rights and perform obligations under the Companies Act
    2. To provide various benefits from the Company for shareholders
    3. To take measures to facilitate relationships between an association and its members of relationships between a company and its shareholders
    4. For management of shareholders, including the preparation of shareholder data in accordance with the standards specified under laws

⑷ Purpose of use of personal information about those who browse the Group’s website or enter information into inquiry forms or other input forms on the Group’s website (hereinafter referred to as “site visitors”)

  • When processing is necessary for the pursuit of legitimate interests (GDPR Article 6, Paragraph 1 (f)) (*)
    1. To answer and respond to inquiries and requests from site visitors
    2. To create statistical data, after making information anonymous so that individuals cannot be identified
    3. To analyze your preferences for our group's services, to distribute content more effectively on our group sites, and to otherwise improve our group sites (excluding those based on your consent below).
  • When obtaining the consent of the person in advance (GDPR Article 6, Paragraph 1 (a))
    1. For the use of cookies and similar technologies other than those strictly necessary.

(*) For more information regarding the balancing test for legitimate interests (GDPR Article 6, Paragraph 1 (f)), please contact our group's designated contact point listed in "IX. Contact Information" of this policy.

2. Transfer of personal information outside the territory

When transferring personal information outside the EEA (European Economic Area) or the United Kingdom, each company in our group shall ensure that the sufficiency determination (*) (Article 45 of the GDPR) is granted for each country. Relying on the contents of the accreditation documentation, for other countries the standard data protection clauses approved by the European Commission (Article 46(2)(c) and 5) of the GDPR or the ICO (UK Privacy Policy) We will implement appropriate safeguards by entering into standard data protection clauses (Article 46(2)(d) of the UK GDPR) approved by a supervisory authority (Article 46(2)(d) of the UK GDPR) with the destination country.

If you would like to receive a copy of documents related to these protective measures, please contact the Group's designated contact point listed in "IX. Contact Information" of this policy.

(*) For information on “Adequacy Certification”, please refer to the web page at the URL below.
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

For information on adequacy certification in each country, please refer to the web page at the URL below.
UK:
https://commission.europa.eu/document/dabdaf35-ee58-405e-ac3e-924d04b2cfe4_en
Japan:
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2019.076.01.0001.01.ENG&toc=OJ:L:2019:076:TOC
South Korea:
https://commission.europa.eu/document/e9453177-f192-4416-a147-3c57adc468c4_en

3. Rights of the data subject

The person whose personal information is processed has the following rights:

  • Obtaining information about data processing
    You have the right to obtain all necessary information from our Group companies regarding the data processing activities of the Group companies that concern you (Articles 13 and 14 of the GDPR).
  • Access to personal information
    You have the right to obtain confirmation from each company in our group as to whether personal information relating to you is being processed and, if such processing is taking place, the personal information and related You have the right to access certain information (Article 15 GDPR).
  • Correct or delete personal information
    The individual has the right to have each company in our group correct inaccurate personal information related to him or her without undue delay, and the right to have each company in our group complete incomplete personal information. (Article 16 GDPR). In addition, if certain conditions are met, the individual has the right to have each company in our group delete personal information related to him or her without undue delay (Article 17 of the GDPR).
  • Restrictions on processing of personal information
    If certain conditions are met, you have the right to have our group companies restrict the processing of your personal information (Article 18 of the GDPR).
  • Object to processing of personal information
    If certain conditions are met, you have the right to object to the processing of personal data concerning you (Article 21(1) GDPR).
  • Objections to direct marketing
    You have the right to object at any time to the processing of your personal data for direct marketing purposes (Article 21(2) GDPR).
  • Data portability of personal information
    Subject to certain conditions, you have the right to receive personal information relating to you in a structured, commonly used and machine-readable format, and to have that data transferred to our Group. have the right to transfer the data to another controller without hindrance (Article 20 GDPR).
  • Right to withdraw consent
    The individual has the right to withdraw his or her consent at any time by means separately specified by each company in our group when obtaining the individual's consent. However, the withdrawal of your consent will not affect the lawfulness of processing that was carried out based on your consent before it was withdrawn.
  • Not be subject to automated decision-making
    Provided that certain conditions are met, you have the right not to be subject to automated (non-human) decision-making that has legal or significant consequences for you (Article 3 of the GDPR). Article 22).
  • Filing a complaint
    You have the right to lodge a complaint with a data protection supervisory authority in the Member State of your residence, workplace or where the alleged infringement has occurred regarding the processing of personal data relating to you by a member of our group. (Article 77 GDPR).

###