Personal Information Protection Policy
（Privacy Policy）

Introduction

Kitazato Corporation and its group companies in Japan (hereinafter referred to as ‘the Company’) promise to protect and respect the privacy and personal information of our customers. This Privacy Policy (hereinafter referred to as ‘this Policy’) explains how the Company handles the personal information of our customers, including customers who are our clients, vendors, healthcare professionals, patients, clinical trial participants, product and service users, website visitors, job applicants, shareholders, and other individuals who provide personal information to the Company.

About us

Kitazato Corporation
100-10 Yanagishima, Fuji, Shizuoka 416-0932 Japan
CEO Futoshi Inoue

Please refer to the following for information about domestic group companies:
Kitazato Healthcare Corporation
Kitazato Biolaboratory
Kitazato bioscience Corporation（No website available）

Compliance with laws and regulations

Our company complies with the Act on the Protection of Personal Information (Act No. 57 of 2003) (hereinafter referred to as the ‘Personal Information Protection Act’), as well as other laws, guidelines from the Personal Information Protection Commission, and related guidelines. We handle personal information appropriately in accordance with these regulations.

In this policy, the term ‘personal information’ refers to information about a living individual that can identify a specific person through the included details such as name, date of birth, or other descriptions, as well as information containing personal identification codes. The definitions of other terms in this policy also follow the definitions outlined in the Personal Information Protection Act.

Collection and Use of Personal Information

When obtaining personal information of customers, we will inform them in advance of its intended use. Unless permitted by laws and regulations, we will not use the information for purposes other than those disclosed without consent. Moreover, we will not use personal information through methods that may promote or induce illegal or unfair practices.

We may acquire personal information that customers voluntarily provide to us (for example, applying or registering for events, visiting our booth, participating in trade shows, exhibitions, webinars, seminars, training events, submitting resumes or business cards, responding to surveys, or providing information through contact with our company).

In addition, our company may obtain personal information of customers from sources such as the company or organization to which they belong, our business partners, data brokers, or social networks, including this website and social media platforms (Facebook, LinkedIn, X, Instagram, WeChat, etc.).

We will not acquire sensitive personal information about customers (including medical information) without obtaining their consent. If we obtain sensitive personal information, we will handle it appropriately in accordance with the law and this policy.

Purpose of Use of Personal Information

We may use customer's personal information for the following purposes:

• 1. Personal information about individual customers
  • (a) To respond to customer inquiries, complaints, etc.
  • (b) To conduct surveys before and after entering the market (targeting customers).
  • (c) To ensure the safety of visitors' bodies and property to our facilities.
  • (d) For the safety management of our facilities.
• 2. Personal information about our customers (including patients, participants in clinical trials).
  • (a) For customer management.
  • (b) For the fulfillment of contracts.
  • (c) For contacting customers regarding our products and services.
  • (d) To request feedback from customers, conduct customer surveys, market research, and surveys to develop or improve our products and related services.
  • (e) To manage product defects or recalls.
  • (f) For the management of grants and donations.
  • (g) To comply with laws and industry regulations (such as providing information for proper use, reporting defects or transparency, etc.), responding to requests from public authorities, and complying with court orders.
  • (h) To obtain regulatory approval from health authorities.
  • (i) For the provision and collection of information regarding the proper use of research reagents, medical devices, etc.
  • (j) For the provision and collection of information regarding the quality, safety, or effectiveness of research reagents, medical devices, etc.
  • (k) To conduct research, investigations, or provide information in the fields of medicine, pharmacy, pharmaceuticals, and medical devices.
• 3. Personal information about vendors and business partners.
  • (a) For managing transactions with our company.
  • (b) For negotiations.
  • (c) For the fulfillment of contracts.
  • (d) For conducting necessary business-related communications.
• 4. Personal information about job applicants, etc.
  • (a) For considering and processing employment (for example, when customers apply for a job through our website) or outsourcing.
  • (b) For communication and information provision related to recruitment and outsourcing.
• 5. Personal information about our company's shareholders.
  • (a) For the management of shareholders.
  • (b) For communication regarding the rights and benefits as shareholders (such as notices for shareholder meetings, business reports, sending of dividends, etc.) and for the administrative processing related to the exercise of those rights.
  • (c) For providing information about our company's business.
• 6. Personal information about visitors to our company's website
  • (a) For managing access to our company's website.
  • (b) For responding to inquiries.
  • (c) To prevent and detect fraudulent activities and other crimes, and to ensure the security of the website.
  • (d) For marketing and promotion of products/services, to identify the interests of existing or potential customers or users for specific products or services, to provide better support, and to better respond to inquiries and needs from customers.

Third-Party Provision of Personal Information

1. Third-Party Provision

We will not provide personal information to third parties without customer's consent, except as permitted by laws and regulations. In particular, we may need to disclose your personal information to health authorities or industry organizations for compliance with regulations, such as defect reports, transparency reports, clinical trials, approval applications, product recalls, and other required disclosures.

2. Outsourcing Partners

We may outsource the administrative processing of customer's personal information to third parties within the scope necessary for achieving the purposes of use stated in the above ‘5. Purpose of Use of Personal Information.’ We carefully select outsourcing partners and take measures to ensure that customer's personal information is appropriately protected. We obligate outsourcing partners through written contracts to implement appropriate security measures to protect customer's personal information and conduct necessary and appropriate supervision.

3. Joint Use

We will jointly use the following personal data:

<Items of Personal Data>

Name, Date of Birth, Address, Email Address, Phone Number, Position, Department

<Scope of Entities>

Kitasato Healthcare Corporation and Kitasato Bioscience Corporation

<Purposes>

The purposes stated in sections 1 to 3 of ‘5. Purpose of Use of Personal Information.’

<Manager Responsible>

Kitazato Corporation (CEO, Futoshi Inoue)

Appropriate Management of Personal Information

We endeavor to keep customer's personal information accurate and up-to-date, and we strive for secure management to prevent loss, destruction, alteration, leakage to external parties, and unauthorized access.
We implement safety measures in accordance with our company's personal information protection regulations, including organizational, physical, and technical measures, as well as employee education. For details on our information security policy, please refer to the following link. 。
Information Security Policy

We will only retain customer's personal information for the necessary period to achieve the purposes stated in the above ‘5. Purpose of Use of Personal Information’ or as required by law.

Disclosure and Amendment of Personal Information

Customers are allowed to make the following requests to our company.

• Request for disclosure of personal information (including a request for disclosure of records of third-party provision.)
• Request for correction, etc., of personal information (correction, addition, deletion).
• Request for suspension of use of personal information, etc. (suspension of use, deletion, suspension of third-party provision).

When you wish to make these requests, please contact the following ‘10. Contact’ below.

To ensure the security of personal information of customer and prevent misuse, we request the submission of identification documents. This is to verify whether the requests of customers are legitimate and whether the necessary conditions for exercising their rights are met.

Cross-Border Transfer of Personal Information

We will not provide personal information of customer to third parties outside of Japan (including our affiliated companies and agents) unless we have obtained their consent or unless it falls under one of the following conditions.

• When transferring to EU countries and the United Kingdom, which the Personal Information Protection Commission has designated as having a personal information protection system equivalent to that of Japan.
• When entering into a contract regarding the protection of personal information with a third party that receives personal information from our company, and ensuring that your personal information is appropriately protected by that third party.

Contact

Please contact the following regarding inquiries of this policy.