Privacy Policy
Personal Information and Specific Personal Information Protection Policy
AI Medical Service Inc. (hereinafter referred to as "Company" , “we” or “our”) operates as a personal information handler engaged in the research, development, manufacturing, sales, and operation of medical-related systems. We recognize that appropriate handling and adequate protection of personal information is our social responsibility. Furthermore, we consider the protection of personal information and specific personal information to be one of the fundamental principles of our business activities, as it ensures peace of mind of our customers.
To fulfil our corporate social responsibilities, we will establish "Personal Information and Specific Personal Information Protection Policy" and hereby declares that we will make every effort to implement it. This policy complies with applicable personal information protection laws (including, but not limited to, laws, regulations, guidelines, and other directives related to the protection of personal information, as well as overseas personal information protection laws such as the EU General Data Protection Regulation (GDPR)).
1. Acquisition, use, and provide personal information, etc.
When handling personal information and specific personal information at our company, we will obtain, use, and provide such information only to the extent necessary for the performance of our business and for the employment and human resources management of our employees. When obtaining personal information and specific personal information, we will disclose the purpose of use or clearly indicate it to the individual concerned, establish and implement procedures to ensure that such information is not used for any purpose other than the disclosed purpose, and take necessary measures to prevent unauthorized access, loss, or damage. Similarly, we will strictly manage personal information and specific personal information entrusted to us by our business partners, and will handle such information solely within the scope specified in the relevant business outsourcing contract.
2. Compliance with Laws and Regulations
We will comply with all applicable laws and regulations regarding personal information and specific personal information, including the GDPR and other overseas personal information protection laws, as well as guidelines established by the government and other relevant standards.
3. Security Measures
We will take reasonable security measures and corrective actions to prevent unauthorized access to personal information and specific personal information, as well as the loss, destruction, alteration, or leakage of such information. For details on the security measures we have implemented, please contact us at "12. Contact Information."
4. Management System
We have appointed a personal information management officer responsible for the protection of personal information and specific personal information, and have granted them the necessary authority and responsibility to implement and operate the personal information protection management system, ensuring appropriate management.
5. Continuous Improvement
Our personal information protection management system will be continuously improved through education, operation, audits, and reviews.
6. Purpose of Use and Legal Basis
The personal information we obtain will be used within the scope of the following purposes. For details on the purposes of use and handling of personal information of customers residing in the EU and the UK, please refer to "13. Handling of Personal Information of Customers Residing in the EU and the UK."
No. | Personal information subject to this policy | Purpose |
1 |
Personal information entrusted to us in connection with the research, development, manufacturing, sales, and operation of medical-related systems and other services provided by our company |
① Performing tasks necessary for research and development
|
2 | Personal information (including cookie information) collected through our websites and other services |
① Personal authentication related to the services we provide, as well as investigations into unauthorized use such as impersonation
|
3 | Personal information received through inquiries submitted via our website | Confirmation, response, and communication regarding inquiries |
4 | Personal information of individuals who wish to apply for employment with our company |
① Procedures related to the recruitment process
|
5 | Personal information about employees |
① Procedures related to personnel management
|
6 |
Personal information of employees and other individuals |
In accordance with applicable laws and regulations, we will record the personal identification numbers of employees, subcontractors, and other individuals on documents such as withholding tax statements for salary income, payment statements, and applications for enrollment in health insurance and employee pension insurance, and submit such documents to government agencies and health insurance associations. |
7. Retention period for personal information
We will retain personal information for the period necessary to achieve the purposes specified above and will appropriately delete or anonymize such information upon the expiration of the retention period. The specific retention period will be determined based on the type of personal information, the purpose of use, legal obligations, and other factors. For details, please contact the "12. Contact Information."
8. Disclosure of personal information to third parties
(1) Except in the following cases, we will not provide personal information to third parties without the prior consent of the individual concerned.
● When required by law
● When necessary to protect human life, physical safety, or property, and obtaining the individual's consent is difficult
● When it is particularly necessary for the improvement of public health or the sound development of children, and obtaining the individual's consent is difficult
● When it is necessary to cooperate with national or local government agencies or their authorized representatives in the performance of their duties as prescribed by law, and obtaining the individual's consent would likely hinder the performance of such duties
● When entrusting the handling of all or part of personal information to a third party within the scope necessary to achieve the purpose of use (see "9. Outsourcing" below)
(2) We will not provide specific personal information to third parties except when required by law or judicial proceedings.
9. Outsourcing
We may outsource the handling of personal information we have received to external parties for the purpose of achieving the purposes of use specified in "6. Purpose of Use and Legal Basis." In such cases, we will contractually obligate the outsourcing party to comply with overseas personal information protection laws, including the GDPR, and to implement appropriate security measures, and we will conduct necessary and appropriate supervision.
10. Data Subject Rights
The data subject or their authorized representative has the following rights regarding their personal information held by us. (The main rights under Japan's Personal Information Protection Act are as follows. For rights under the GDPR, etc., for customers residing in the EU and the UK, please refer to "13. Handling of Personal Information of Customers Residing in the EU and the UK.") If you wish to exercise these rights, please contact us at "12. Contact Information." We will provide details on the procedures.
(1) Right to Request Disclosure, etc.: You may request notification of the purpose of use, disclosure (including disclosure of records of provision to third parties), correction, addition, or deletion of content, suspension of use, deletion, and suspension of provision to third parties (hereinafter referred to as "disclosure, etc.").
(2) Response Method: When a request for disclosure, etc. is received, we will respond using the method specified by the individual or their authorized representative, such as providing electronic records or delivering written documents. However, if the requested method is deemed excessive in light of the costs associated with disclosure, etc., or other circumstances, we may respond using a method specified by our company.
(3) Verification of Identity: When responding to inquiries, we may verify the identity of the individual making the request or their authorized representative. If we are unable to verify the identity of the individual making the request, we may be unable to respond to the request.
(4) Response within a reasonable period: We will respond to requests for disclosure of personal information, etc. from the individual or their representative, and our response to such requests will be provided within a reasonable period.
(5) Fees: When notifying the purpose of use or disclosing personal information or records of disclosure to third parties, a fee of 1,000 yen (including tax) will be charged for each request.
11. Data Protection Officer (DPO)
We have appointed a Data Protection Officer (DPO). For inquiries regarding the handling of personal information, please use the contact window at "12. Contact Information." For inquiries regarding the GDPR, you may also use the contact window listed in "13. Handling of Personal Information of Customers Residing in the EU and the UK."
12. Contact Information
For any questions, complaints, or consultations regarding the handling of personal information, or inquiries regarding the exercise of rights as defined in "10.Data Subject Rights," please contact the following contact point.
AI Medical Service Inc. Personal Information Complaint Consultation Desk
Email:personal-info@ai-ms.com
Mailing Address: Hareza Tower 11F, 1-18-1, Higashi-Ikebukuro, Toshima-ku, Tokyo, 170-0013, JAPAN
Personal Information Protection Officer
13. Handling of Personal Information for Customers Residing in the EU and the UK
We will handle personal information obtained from customers residing in the EU and the UK in accordance with the following separate policy.
(1) Personal information of customers residing within the EU and UK that we handle, along with its purpose of use and legal basis
The personal information we obtain from customers will be used within the scope of the following purposes, based on the legal basis specified under the GDPR.
Personal information subject to this policy | Purpose | Legal basis under the GDPR |
Personal information entrusted to us in connection with the research, development, manufacturing, sales, and operation of medical-related systems and other services provided by our company |
① To carry out necessary business operations for research and development
|
To fulfill contracts
|
Personal information (including cookie information) entrusted to us through our websites, etc. |
① Personal authentication related to the services we provide, and investigation of unauthorized use such as impersonation
|
For the performance of the contract
|
Personal information received through inquiries submitted via our website | Confirmation, response, and contact regarding the inquiry | For our legitimate interests (inquiries) |
(2) Processing based on consent and the right to withdraw consent
We will handle your personal information in strict accordance with this Privacy Policy and the provisions of the preceding paragraph, based on your consent to the handling of personal information as set forth herein. Please note that you may withdraw your consent at any time; however, such withdrawal will not affect the legality of any processing conducted by us prior to the withdrawal. Additionally, if you are under the age of 16 and wish to use the services provided by us, you must obtain consent from your parent or guardian before agreeing to use the services provided by us.
(3) Necessity of Providing Personal Information
The personal information provided by customers is necessary for us to provide services to customers. Therefore, customers who do not provide such information may not be able to use the services provided by our company.
(4) Disclosure of Personal Information to Third Parties and Transfers to Third Countries
Except as necessary to achieve the purposes specified in Section 1, or as required by law, we will not disclose personal information to third parties without prior consent from customers.
We may transfer and process your personal information to countries outside the EU and the UK (including Japan). We will only transfer such information if the country to which it is transferred has been deemed by the European Commission to provide an adequate level of data protection, or if we have implemented appropriate safeguards, such as the Standard Contractual Clauses (SCCs).
(5) Retention Period
We will retain your personal information for as long as necessary to provide you with our services. However, we will promptly delete such information once it is no longer necessary. For specific retention periods, please contact us at "12. Contact Information."
(6) Data Subject Rights
Customers located within the EU and the UK have the following rights under the GDPR and applicable data protection laws. If you wish to exercise any of these rights, please contact the "(7) Data Protection Representative in EU and UK" listed below.
● Right to request disclosure
● Right to request rectification
● Right to erasure (right to be forgotten)
● Right to restrict processing
● Right to data portability (the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible)
● Right to object (including processing for direct marketing purposes, the right to object to the processing of personal data based on our legitimate interests)
● Right to withdraw consent (see above "(2) Processing based on consent and the right to withdraw consent")
(7) Data Protection Representative in EU and UK
We have appointed Data Protection Representative Limited (hereinafter referred to as "DataRep") as our Data Protection Representative.
For any questions regarding GDPR or UK data protection laws, or to exercise your rights regarding personal data, please use the following methods:
● Contact DataRep by email: Send an email todatarequest@datarep.com with "AI Medical Service Inc." in the subject line.
● Submit an inquiry via the web form: Access the form at www.datarep.com/data-request and complete the form.
● Inquire by mail: Please mail your inquiry to the DataRep office most convenient for you, as listed on the DataRep website (www.datarep.com/data-request). When inquiring by mail, please be sure to include "Data Protection Representative Limited" in the address and clearly indicate that the inquiry is regarding "AI Medical Service Inc." in the letter.
If you have any concerns about how DataRep handles personal data required for its data protection representative services, please refer to DataRep's Privacy Notice at www.datarep.com/privacy-policy .
(8) Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with the data protection supervisory authority responsible for the handling of your personal information.
(9) Other
We may handle personal information differently from the above in accordance with the GDPR, other relevant laws and regulations, and the laws of the United Kingdom.
14. Cookie Policy
Our website uses cookies for the purposes of improving customer convenience, statistically analyzing website usage for website improvement, displaying the most appropriate content to customers, and delivering advertisements. For more details about our cookie policy, please refer to our separate "Cookie Policy."
15. Changes to the Privacy Policy
We may revise this Privacy Policy as necessary due to changes in laws and regulations or for operational reasons. In such cases, we will notify you by posting the revised policy on our website or by other appropriate means. We will endeavor to notify you in advance of any significant changes.
Effective Date: 2nd September 2019
Last Revised: 1st November 2024
AI Medical Service Inc.
Representative Director Tomohiro Tada
Contact
Feel free to contact us using the form below regarding joint research,
media coverage, business partnerships, or related opportunities.