Privacy Policy for Personal Data Subject to GDPR

The Companies (YAZAKI CORPORATION, YAZAKI METER CO., Ltd. / YAZAKI PARTS Co., Ltd., and YAZAKI ENERGY SYSTEM CORPORATION) apply the following policy to the processing of the personal data subject to EU "General Data Protection Regulation No 2016/679".

YAZAKI CORPORATION, YAZAKI METER CO., Ltd./YAZAKI PARTS Co., Ltd., and YAZAKI ENERGY SYSTEM CORPORATION (with all four companies combined, the “Companies” ) may collect your personal data when you visit our website (the “Website”) or through business with you. The protection of your personal data is of great importance to the Companies and our affiliates in Japan (with both combined the “Company Group”).

The Privacy Policy therefore intends to inform you about how the Companies, Japanese companies with their headquarters at 17th Floor, Mita-Kokusai Bldg., 4-28 Mita 1-chome, Minato-ku, Tokyo, 108-8333 Japan, acting as the data controller, collect and process your personal data that you submit or disclose to us. The Companies also act as the data controller or processor when we process your personal data received or obtained through third-parties. We process this personal data in accordance with the applicable EU and Member State regulations on data protection, in particular, the General Data Protection Regulation No 2016/679 (the “GDPR”).

Processing of “Personal data” in the Privacy Policy means either of the followings:

(i) processing of personal data in the context of the activities of an establishment of a controller or a processor in the European Area (the “EEA”) regardless of whether the processing takes place in the EEA or not (Article 3.1 GDPR), or

(ii) processing of personal data of data subjects who are in the EEA by a controller or processor not established in the EEA, where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the EEA; or (b) the monitoring of their behavior as far as their behavior takes place within the EEA (Article 3.2 GDPR).

If you do not wish your personal data to be used by the Companies as set out in this Privacy Policy, please do not provide us your personal data. Please note that in such a case, we may not be able to provide you with our services, you may not have access and/or use some features of the Website, and your customer experience may be impacted.

If you have any queries or comments relating to this Privacy Policy, please contact us by using the contact address specified under this Privacy Policy .

The Companies will always process your personal data based on one of the legal basis provided for in the GDPR (Article 6 and 7). In addition, we will always process your sensitive personal data, for example, concerning your trade union membership, religious views, or health condition, in accordance with the special rules provided for in the GDPR (Articles 9 and 10).

The Companies may collect and process your personal data for the purposes detailed below, which are required so that we can pursue our legitimate interest and provide you with adequate services and products:

The Companies may also collect and process your personal data for the following purposes, based on the execution of our contractual relationship between you and us:

Finally, subject to obtaining your express prior consent, the Companies may also collect and process your personal data for the following purposes:

Please be aware that you are entitled to withdraw your consent at any time, and this without affecting the lawfulness of processing based on your consent before withdrawal thereof.

The Companies will process your data for these specified, explicit and legitimate purposes, and will not further process the data in a way that is incompatible with these purposes. If we intend to process personal data originally collected for one purpose in order to attain other objectives or purposes, we will ensure that you are informed of this. We will keep your personal data for as long as it is necessary for us to comply with its legal obligations, to ensure that it provides an adequate service, and to support its business activities (Article 5 and 25(2) GDPR).

For the purposes specified under this Privacy Policy, the Companies need to collect the following categories of personal data:

The Companies can obtain such personal data either directly from you when you decide to communicate such data to us (i.e., when you fill forms displayed on the Website) or indirectly where such personal data is provided to us by your electronic communication terminal equipment or your Internet browser. The Companies ensure that the personal data processed be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

The Companies may share your personal data with the Company Group entities and with third-parties in accordance with the GDPR. Where we share your data with data processors, we will put an appropriate legal framework in place in order to cover such transfer and processing (Articles 26, 28 and 29). Furthermore, where we share your data with any entity outside the EEA, we will put the appropriate legal frameworks in place, notably controller-to-controller (2004/915/EC) and controllerto-processor (2010/87/EU) Standard Contract Clauses approved by the European Commission, in order to cover such transfers (Articles 44 ff. GDPR).

Strategic Partners

Subject to your prior consent, your personal data may be transferred to, stored, and further processed by strategic partners that work with us to provide our products and services or help us market to customers. The Companies may currently share your personal data with the following strategic partners (makers or suppliers). Your personal data will only be shared by us with these companies in order to provide or improve our products, services and advertising.

Service Providers

The Companies share your personal data with companies which provide services on our behalf, such as hosting, maintenance, support services, email services, marketing, auditing, fulfilling your orders, processing payments, data analytics, providing customer service, and conducting customer research and satisfaction surveys. We may currently share your personal data with service providers.

Corporate Affiliates and Corporate Business Transactions

The Companies may share your personal data with the Companies’ affiliates. In the event of a merger, reorganization, acquisition, joint venture, assignment, spin-off, transfer, or sale or disposition of all or any portion of our business, including in connection with any bankruptcy or similar proceedings, we may transfer any and all personal data to the relevant third party.

Legal Compliance and Security

It may be necessary for the Companies – by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence – to disclose your personal data. We may also disclose your personal data if we determine that, for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate. The Companies may also disclose your personal data if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.

Data Transfers

Such disclosures may involve transferring your personal data out of the European Union to the following country. For each of these transfers, the Companies make sure that we provide an adequate level of protection to the data transferred, in particular by entering into standard contract clauses as defined by the European Commission decisions 2001/497/EC, 2002/16/EC, 2004/915/EC and 2010/87/EU.
We will not use your personal data for online marketing purposes unless you have expressly consented to such use of your personal data.

The Companies handle records of all processing of personal data in accordance with the obligations established by the GDPR (Article 30), both where we might act as the controller or as the processor. In these records, we reflect all the information necessary in order to comply with the GDPR and cooperate with the supervisory authorities as required (Article 31).

The Companies process your personal data in a manner that ensures their appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures to achieve this (Article 25(1) and 32 GDPR).

In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed, the Companies have the mechanisms and policies in place in order to identify it and assess it promptly. Depending on the outcome of our assessment, we will make the requisite notifications to the supervisory authorities and communications to the affected data subjects, which might include you (Articles 33 and 34 GDPR).

The Companies have mechanisms and policies in place in order to identify data processing activities that may result in high risk to your rights and freedoms (Article 35 of the GDPR). If any such data processing activity is identified, we will assess it internally and either stop it or ensure that the processing is compliant with the GDPR or that appropriate technical and organizational safeguards are in place in order to proceed with it. In case of doubt, we will contact the competent Data Protection Supervisory Authority in order to obtain their advice and recommendations (Article 36 GDPR).

You have the following rights regarding personal data collected and processed by us.

If you intend to exercise such rights, please refer to the contact section specified under this privacy policy.

If you are not satisfied with the way in which we have proceeded with any request, or if you have any complaint regarding the way in which we process your personal data, you may lodge a complaint with a Data Protection Supervisory Authority.

Our products and services are intended to adult customers. Thus, the Companies do not knowingly collect and process information of children under sixteen (16). If we discover that we have collected and processed the personal data of a child under sixteen (16), or the equivalent minimum age depending on the concerned jurisdiction, we will take steps to delete the information as soon as possible. If you become aware that a child under sixteen (16) has provided us with personal data, please contact us immediately by using the contact address specified under this Privacy Policy.

The Companies may propose hypertext links from the Website to third-party websites or Internet sources. We do not control and cannot be held liable for third parties’ privacy practices and content. Please read carefully their privacy policies to find out how they collect and process your personal data.

The companies may revise or update this Privacy Policy from time to time. Any changes to this Privacy Policy will become effective upon posting of the revised Privacy Policy via the Website. If we make changes which we believe are significant, we will inform you through the Website to the extent possible and seek for your consent where applicable.

For any questions or requests relating to this Privacy Policy, you can contact our Information Security Management Committee by email The contact details of the Data Protection Officer are as follows: