Privacy Statement
The protection of your personal data is of great importance to Asahi Kasei Corporation (“Asahi Kasei”) and its affiliates (together, the “Asahi Kasei Group”). The sections below of this privacy statement (“Privacy Statement”) are intended to inform you about how the Asahi Kasei Group entities collect and process your personal data that you submit or disclose to us. We also act as data controller when we process your personal data received or obtained through third-parties. We process this personal data in accordance with the applicable EU and Member State regulations on data protection in particular, the General Data Protection Regulation No 2016/679 (the “GDPR”).
We do not share any sensitive personal data or information (“SPDI”) as defined under the Information Technology Act, 2000 (“IT Act”) and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”) with any third party for any purpose without your consent, other than for compliance with legal obligations.
If you do not wish your personal data to be used by us as set out in this Privacy Statement, please do not provide us with your personal data. Please note that in such a case, we may not be able to provide you with our services. Also, you may not have access to and/or be able to use some features of the website, and your customer experience may be impacted
Purpose of Use
We will always process your personal data based on the provisions of applicable laws, such as the GDPR, IT Act and/or the SPDI Rules (as applicable). In addition, we will always process your sensitive personal data/SPDI, for example, information concerning your trade union membership, religious views, or health condition, in accordance with the provisions of applicable laws such as the GDPR, IT Act and/or SPDI Rules (as applicable).
We may collect and process your personal data for the purposes detailed below, which are required so that we can pursue our legitimate interests and provide you with adequate services and products:
- to ensure that content from our site is presented in the most effective manner to you;
- to notify you about changes to our service(s);
- to manage your customer account;
- to offer you products and services;
- to inform you about our policies and terms;
- to promote safety and security, such as by monitoring fraud and investigating suspicious or potentially illegal activity or violations of our terms or policies;
- to provide, improve, and develop our products, services, and advertising;
- to use personal data for purposes such as data analysis, research, and audits;
- to ensure business continuity.
In addition, subject to obtaining your express prior consent, we may also collect and process your personal data for the following purposes:
- to make marketing advertisements;
- to provide you with information which we feel may be of your interest;
- to allow you to participate in interactive features of our services, when you choose to do so;
- to manage your subscription to the newsletter;
- to share your personal data with third-party partners who may send you marketing communications in relation to their products and services;
- for making business analysis.
Please be aware that you are entitled to withdraw your consent at any time, and this without affecting the lawfulness of processing based on your consent before withdrawal thereof.
We will process your personal data for these specified, explicit and legitimate purposes, and will not further process the data in a way that is incompatible with these purposes. If we intend to process the personal data originally collected for one purpose in order to attain other objectives or purposes, we will ensure that you are informed of this. We will keep your personal data for as long as it is necessary for us to comply with our legal obligations, to ensure that we provide an adequate service, and to support our business activities.
Types of Personal Data
For the purposes specified under this Privacy Statement, we need to collect the categories of personal data.
We can obtain such personal data either directly from you when you decide to communicate such data to us (i.e., when you fill in forms displayed on the website) or indirectly where such personal data is provided to us by your electronic communication terminal equipment or your internet browser. We ensure that the personal data processed is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
Shared Use
We may transfer your personal data to Asahi Kasei Group entities and to third parties so as to share such personal data with them in accordance with the GDPR. Where we transfer your personal data to a data processor so as to share such personal data with them, we will put the appropriate legal framework in place in order to cover such transfer and processing. Furthermore, where we transfer your personal data to any entity outside the EEA so as to share such personal data with them, we will put appropriate legal frameworks in place, notably controller-to-controller (2004/915/EC) and controller-to-processor (2010/87/EU) Standard Contract Clauses approved by the European Commission, in order to cover such transfers.
Strategic Partners
To your prior consent, your personal data may be transferred to, stored by, and further processed by strategic partners that work with us to provide our products and services or help us market to customers. We may currently share your personal data with the strategic partners. Your personal data will only be shared by us with these partners in order to provide or improve our products, services, and/or advertising.
Service Providers
We share your personal data with companies which provide services on our behalf, such as hosting, maintenance, support services, email services, marketing, auditing, fulfilling your orders, processing payments, data analytics, providing customer service, and conducting customer research and satisfaction surveys. We may currently share your personal data with the service providers.
Corporate Affiliates and Corporate Business Transactions
We may share your personal data with all Asahi Kasei Group. In the event of a merger, reorganization, acquisition, joint venture, assignment, spin-off, transfer, or sale or disposition of all or any portion of our business, including in connection with any bankruptcy or similar proceedings, we may transfer any and all personal data to the relevant third party.
Legal Compliance and Security
It may be necessary for us – by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence – to disclose your personal data. We may also disclose your personal data if we determine that, due to purposes of national security, law enforcement, or other issues of public importance, the disclosure is necessary or appropriate.
We may also disclose your personal data if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.
Data Transfers
We handle records of all processing of personal data in accordance with the provisions of applicable laws such as the GDPR, IT Act and/or the SPDI Rules (as applicable), both where we might act as a controller or as a processor. In these records, we reflect all the information necessary in order to comply with the requirements of applicable laws, such as the GDPR, IT Act and/or SPDI Rules (as applicable) and cooperate with the supervisory authorities, as required.
Records of Data Processes
Such disclosures may involve transferring your personal data out of India to the following countries: European Union, Japan, China, Korea, Thailand, Hong Kong, Taiwan, USA, and UK. Such transfer may take place for business operations, accounting, human resources management, IT and general administration, marketing, market research and PR activities, and sales and/or after-sales management. For each such transfer, we make sure that we provide an adequate level of protection to the transferred data.
Security Measures
We process your personal data in a manner that ensures their appropriate security, including protection against unauthorised or unlawful processing and accidental loss, destruction, or damage. We use appropriate technical or organisational measures to achieve this level of protection.
We will retain your personal data for as long as it is necessary to fulfill the purposes outlined in this Privacy Statement, unless a longer retention period is required or permitted by law.
Notification of Data Breaches to the Competent Supervisory Authorities
In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data which have been transmitted, stored, or otherwise processed, we have the mechanisms and policies in place in order to identify it and assess it promptly. Depending on the outcome of our assessment, we will make the requisite notifications to the supervisory authorities and communications to the affected data subjects, which might include you.
Processing Likely to Result in High Risk to Your Rights and Freedoms
We have mechanisms and policies in place in order to identify data processing activities that may result in high risk to your rights and freedoms. If any such data processing activity is identified, we will assess it internally and either stop it or ensure that the processing is compliant with the provisions of applicable laws, such as the GDPR, IT Act and/or SPDI Rules (as applicable), or that appropriate technical and organizational safeguards are in place in order to proceed with it.
In case of doubt, we will contact the competent authority(ies), such as the Data Protection Supervisory Authority, in order to obtain their advice and recommendations.
Your Rights
You have the following rights regarding personal data collected and processed by us:
- Information regarding your data processing: You have the right to obtain from us all the requisite information regarding our data processing activities that concern you. Access to personal data: You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to such personal data and certain related information.
- Rectification or erasure of personal data: You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay, and to complete any incomplete personal data. You may also have the right to obtain from us the erasure of personal data concerning you without undue delay, when certain legal conditions apply.
- Restriction on processing of personal data: You may have the right to obtain from us the restriction of processing of your personal data, when certain legal conditions apply.
- Object to processing of personal data: You may have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you, when certain legal conditions apply.
- Data portability of personal data: You may have the right to receive your personal data in a structured, commonly used, and machine-readable format, and have the right to transmit such data to another controller without our hindrance, when certain conditions apply.
- Not to be subject to automated decision-making: You may have the right not to be subject to automated decision-making (including profiling) based on the processing of your personal data, insofar as this produces legal or similar effects on you, when certain conditions apply.
In case of any grievance, please write to our Grievance Officer.
If you are not satisfied with the way in which we have proceeded with any request, or if you have any complaint regarding the way in which we process your personal data, you may lodge a complaint with a competent authority, such as the Data Protection Supervisory Authority.
Children
Our products and services are not especially intended for children customers. Thus, we do not knowingly collect and process information on children under eighteen (18). If we discover that we have collected and processed personal data concerning a child under eighteen (18), or the equivalent minimum age depending on the concerned jurisdiction, we will take steps to delete the information as soon as possible. If you become aware that a child under eighteen (18) has provided us with personal data, please contact our Grievance Officer:.
Links to Other Sites
We may propose hypertext links from the website to third-party websites or internet sources. We do not control and cannot be held liable for third parties’ privacy practices and content. Please read carefully their privacy policies to find out how they collect and process your personal data.
Updates to the Privacy Statement
We may revise or update this Privacy Statement from time to time. Any changes to this Privacy Statement will become effective upon posting of the revised Privacy Statement via our services. If we make changes which we believe are significant, we will inform you through the website to the extent possible and seek your consent where applicable.
Grievance Officer:
Shimpei Ogawa
Asahi Kasei India Private Limited
The Capital, 1502B, Plot C-70, G-Block,
Bandra Kurla Complex, Bandra (East),
Mumbai-400051, India
info-india@om.asahi-kasei.co.jp