1. COMPLIANCE WITH LAWS AND REGULATIONS
Our Company strictly observes applicable laws, regulations, contracts, and other standards related to the collection, use, disclosure, and protection of personal data.
2. HANDLING OF PERSONAL DATA
Acquisition of Personal Data
Our Company collects the following information in a lawful, fair, and appropriate manner in connection with the scope of our Company’s activities such as the provision of various services, collaborations with dentists, orthodontists and/or other third-party service providers, and recruitment activities. The following are examples of information collected by the Company, some of which are not personal data and are not covered by obligations and responsibilities relating to the protection of personal data:
Information provided by customers and others.
- Name, address, telephone number, fax number, e-mail address.
- Information such as company name, organization name, department name, title, workplace address, and workplace contact information.
- Information such as date of birth and gender.
- Credit card information and other information concerning payment methods.
- Information on educational background, employment history, qualifications, etc., and applications for recruitment and selection.
- In addition to the above, all information provided to our company by customers.
Information acquired in connection with the use of various services provided by our Company.
- Information regarding contracts, reservations, cancellations, maintenance, purchases, and campaign applications for services, goods, and all other services provided by our Company
- Information on subscriptions to e-mail magazines distributed from our Company
- If you have provided our Company with your opinions, questions, answers to questionnaires, etc., by telephone, e-mail, Facebook, Facebook Messenger, Instagram, LinkedIn, Twitter, LINE Official Account or by any other means, information pertaining to such contents.
Information mechanically obtained by accessing a website and so forth.
- Information such as terminal identifier, mobile terminal identifier, IP address, name associated with the terminal, type of terminal, phone number, country, and username, mail address, etc., when you use websites, applications, etc. provided by our Company on the terminal or mobile terminal.
- Information about your current location in the event that you use our Company’s services, apps, etc. on your terminal or mobile terminal and have authorized the provision of location information there.
- When the customer uses services and apps provided by our Company, various information concerning the usage and usage of the services and apps provided by the customer to our Company directly or through a third party who provides our Company’s services and apps.
Cookies (Cookies), About Using Web Beacons
Using Google Analytics (Google Analytics)
3. CONSENT TO THE COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA
Our Company generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorized by you to disclose your personal data to us (your “authorized representative”) after (i) you (or your authorized representative) have been notified of the purposes for which the personal data is collected, and (ii) you (or your authorized representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of your personal data without consent is permitted or required by the PDPA or other applicable laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorized by law).
4. PURPOSE OF USE
Our Company may collect and use the acquired personal data within the scope indicated in “Purpose of Use“. Personal data other than those listed in Table 1 “Type of personal data to obtain” shall only be used after notifying the purpose of use individually or publicly, or after obtaining the prior consent of the customer, etc.
Purpose of Use
Type of personal data to be obtained Purpose of use. Information and communication related to the provision of services such as reservation, contract, and cancellation of personal data concerning customers, cooperation with reservation systems, cooperation with affiliated hospitals for information necessary for reservation, medical examination, and treatment, information and communication related to other services, information on new services and campaigns, sending email newsletters, direct mail, Facebook, Facebook Messenger, Instagram, Twitter, LINE official account etc., creation of statistical data for marketing and sales promotion, provision of various information, conducting and tabulating surveys and questionnaires, responding to inquiries from patients and affiliated hospitals, operating web services and reservation functions, distributing appropriate information to patients, etc.
5. THIRD-PARTY PROVISION
Our Company outsources part of its business relating to personal data. Our Company considers the management of outsources to be extremely important, and when outsourcing such work, our Company selects business operators that meet the level of personal data protection stipulated by the PDPA, and clarifies each other’s obligations under non-disclosure agreements, etc. In addition, the Company requests the relevant business entities to handle personal data appropriately, and continuously conducts supervision and audits necessary for the security management of personal data.
As a general rule, our Company does not disclose or provide personal data to third parties, except for affiliated hospitals, subsidiaries, related corporations, service providers, vendors, as an extension of our services to you and regulatory authorities. However, if our Company grants various benefits to you based on a joint campaign with a third party, in response to an inquiry from the third party, our Company may respond to and disclose part of your personal data for the purposes of providing such benefit to you.
Notwithstanding the preceding paragraph, personal data may be provided to third parties in the following cases. In addition, we will disclose and provide your personal data appropriately in accordance with the PDPA and other applicable laws and regulations.
- With the consent of the customer
- Cases where disclosure of personal data is required by a court, public prosecutors’ office, police, tax office, bar association, or other organization with equivalent authority
- Where our Company outsources all or part of its business to a third party
- Cases where disclosure is made to a person who has a duty of confidentiality with respect to our Company
- Cases where disclosure is made to a person who will succeed to the business upon a succession of the business due to a merger, transfer of business or any other cause
- When permitted by the PDPA and/or other laws and regulations
- Other cases specified separately for each of our Company’s service
6. JOINT USE
Our Company may share personal data provided to it in campaigns, seminars and advertising campaigns jointly held with Group companies or business partners. In such a case, the purpose of use, data items, the scope of users, and the person in charge of management shall be clarified in advance and notified or announced. We will also ensure thorough safety management among joint users in accordance with laws and regulations.
7. HANDLING OF LINKED PERSONAL DATA
If there is a transaction with the advertiser who advertises or promotes on the website operated by our company or in the mail magazine, etc., the user carries out the transaction with the advertiser by his/her own judgment and responsibility, and our company shall not be liable in any way for this. Our company does not guarantee the contents and conditions of transactions such as payment for goods and services, contract contents, guarantee, and warranty.
Our company shall not be liable for any direct or indirect damages, losses, disadvantages, etc., incurred by the User even if the websites and various services operated by our company are temporarily suspended, suspended, or changed in the following cases.
- In the event of a natural disaster such as fire, earthquake, flood, lightning strike or heavy snow
- In the event of social unrest such as war, civil war, terrorism, insurrection, or insurrection
- If our company is unable to obtain proper service from the telephone company, carrier, or provider with which it has a contract
- In the event our company becomes technically incapable
9. INQUIRIES ON DISCLOSURE AND DELETION
If you wish to disclose and/or delete your personal data, we will confirm your identity and as soon as practicable disclose or delete your personal data (except where we are not required to do so under the PDPA and other applicable laws).
10. ACCESS TO AND CORRECTION OF PERSONAL DATA
If you wish to make (a) an access request for access to a copy of the personal data which our Company holds about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which our Company holds about you, you may submit your request in writing or via email to the contact details provided below.
We will respond to your request as soon as reasonably possible. If our Company is unable to respond to your request within 30 days after receiving the request, we shall inform you in writing within 30 days of the time by which we will be able to respond to the request.
If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the PDPA and other applicable laws).
11. REQUEST TO WITHDRAW CONSENT
The consent you provided for the collection, use, and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. Should you wish to withdraw your consent to our collection, use, disclosure of your personal data, you may give reasonable notice of the withdrawal to us in writing or via email to [Client to insert relevant email address] (“Withdrawal Notice”). Upon our receipt of a Withdrawal Notice, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and we will, as far as possible, notify you of the likely consequences of withdrawing consent, and should you wish to persist with the withdrawal of your consent after having been notified of the likely consequences thereof, we will cease to collect, use and/or disclose your personal data in question unless the collection, use and/or disclosure of such information is required or authorized under the PDPA or other applicable laws.
Please note that withdrawing consent does not affect our Company’s right to continue to collect, use and disclose personal data where such collection, use, and disclosure without consent is permitted or required under the PDPA and applicable laws.
12. SECURE MANAGEMENT OF PERSONAL DATA
Our company will strictly manage personal data and make reasonable security arrangements to prevent unauthorized or improper access, collection, use, disclosure, copying, modification, loss, destruction, falsification, leakage or similar risks through the development and improvement of systems and introduction of appropriate administrative, physical and technical measures for the protection of personal data, education and enlightenment activities for employees, access control and information security measures, etc.
Our Company shall cease to retain documents containing personal data or otherwise remove the means by which the personal data can be associated with you as soon as it is reasonable to assume that the purpose for which such information was collected is no longer served by retention of the said information and retention is no longer necessary for legal or business purposes, or where otherwise required under applicable laws. We will also ensure that any personal data that we do not retain is disposed of, anonymized, and/or deleted in an appropriate manner. To protect the security of personal data, we use Secure Sockets Layer (Secure Sockets Layer) technology to prevent such information from being intercepted, obstructed or altered.
13. CONTINUOUS IMPROVEMENT
Our Company will continuously review and improve its personal data protection management system, including this policy, in order to maintain the appropriate level of handling and protection of personal data in the light of requests from business partners and changes in social conditions.
SheepMedical Co., Ltd.
Address: 5th floor, Takahashi Building, 3-26-8 Hatchobori, Chuo-ku, Tokyo 104-0032
E-mail: [email protected]