Privacy Policy

Chapter 1. Handling of Personal Information at CYBERDYNE

1. Introduction

The Privacy Policy explains how personal information obtained by CYBERDYNE, INC., its Japanese subsidiaries Shonan RoboCare Center Co., Ltd., Oita RoboCare Center Co., Ltd., Suzuka RoboCare Center Co., Ltd., Cyberdyne Care Robotics GmbH, CYBERDYNE Europe GmbH (subsidiary of CYBERDYNE in Germany) and CYBERDYNE USA Inc. (subsidiary of CYBERDYNE in USA, and, together with the aforementioned companies, collectively referred to as “CYBERDYNE”) from customers as well as CYBERDYNE’s officers, employees, any other person who is or was engaged in the business of CYBERDYNE (collectively referred to as “employees”) is utilized. Please read this Privacy Policy carefully when using CYBERDYNE’s services, software and website (collectively referred to as “services”). Any use by customers of CYBERDYNE’s services and products or any engagement by employees in CYBERDYNE’s business shall be deemed to have been conducted after having fully understood and agreed to this Privacy Policy.

2. Scope of application

This Privacy Policy will be applied when customers use CYBERDYNE’s services and products or when employees engage in the business of CYBERDYNE.

3. Purposes of using personal information

CYBERDYNE utilizes personal information obtained from customers/employees for the following purposes (collectively, the “purposes”):

(1) Purposes of utilizing customer’s personal information

1. For receiving applications for and providing the products and services offered by CYBERDYNE

2. For guidance, provision and management of other services and products offered by CYBERDYNE

3. For research, analysis and recruiting activity related to CYBERDYNE’s business.

4. For all operations incidental or related to 1 – 3 above.

5. For implementation of questionnaires concerning the services and products, etc., offered by CYBERDYNE

6. For development of new services and products

7. For guidance, operation, management and provision of information regarding various events and campaigns

8. For notification of services and products offered by CYBERDYNE

9. For guidance, operation, management and notification of services, products, events and campaigns of CYBERDYNE as well as its group companies and partner companies

10. For fulfilling obligations and delivering printed materials to CYBERDYNE’s shareholders

11. For responding to inquiries and requests

(2) Purposes of utilizing employee’s personal information

1. For recruitment and employment, social insurance, provision of benefit packages, business communication, legally required procedures and any other procedures related to employment management

2. For decision and payment of salary, tax withholding procedures, payment of prefectural and municipal inhabitants’ taxes, and any other procedures related to salary payment

3. For performance evaluation, posting, promotion, secondment, leave of absence, reinstatement and any other procedures related to personnel changes

4. All operations incidental or related to the above

4. Acquisition of personal information

CYBERDYNE will obtain the following personal information from customers and employees by fair and appropriate means in order to achieve the purposes defined in Article 3. The following items are merely examples and, depending on the case, may not be considered personal information.

(1) Acquisition of personal information from customers

1. Personal information provided to CYBERDYNE by customer when applying for or using the services or purchasing, renting or using the products.

The customer’s name, gender, date of birth, address, telephone number, fax number, email address, business contact, mailing address, physical and medical information relating to use of the products or services and information related to the usage of other products or services.

2. Information provided to CYBERDYNE by customer upon visiting CYBERDYNE’s website

IP address, cookies and web beacons, etc. will be obtained from the customer’s browser upon visiting CYBERDYNE’s website which provides the services to the users and information on advertisements, access history and access situation of websites and the customer’s usage environment will be automatically collected.

(2) Acquisition of personal information from employees

1. Basic information of employees such as name, address, department, title, etc.

2. Information regarding employee’s family such as names and existence of dependents, etc.

3. HR information such as qualification/license, personnel changes, performance evaluation, official commendation and disciplinary punishment

4. Information related to salary, bonus, retirement allowance and pension, etc.

5. Information related to benefit packages such as status of use of welfare programs

6. Information related to health such as health check results

CYBERDYNE will never obtain or use information of a sensitive nature to the customer/employee (hereinafter, “sensitive information”), such as information on race, beliefs, social standing, medical history, crime records, and history of having been a victim of a crime, unless explicitly stated otherwise in this Privacy Policy or as required by laws and regulations or for which the consent of the customer/employee is obtained.

5. Choice by the customers/employees

As a rule, CYBERDYNE obtains personal information by the volition of the customers/employees. Customers may experience disadvantages if they refuse to provide their personal information, such as being unable to make use of the various services provided by CYBERDYNE, or being unable to receive campaign notices and other CYBERDYNE information because part or all of the functions of CYBERDYNE’s system become inoperable and thereby unavailable. The same circumstances will apply to employees who are engaged in CYBERDYNE’s business operations. Please note that customers/employees may at any time change their contact information, in a manner designated separately by CYBERDYNE.

6. Disclosure and provision of information to third parties

CYBERDYNE will not disclose or provide the personal information of customers/employees to any third parties, except under the following circumstances:

1. Customer’s/employee’s consent has been obtained;

2. Disclosure or provision is required or within the scope allowed by laws or regulations;

3. Disclosure is required to protect human life, health, or property in cases where obtaining customer’s/employee’s consent is difficult;

4. Disclosure is required to cooperate with the public affairs of national or local governments, and when obtaining customer’s/employee’s consent is likely to hinder the administration of public affairs;

5. Disclosure or provision of information as statistical data (in a format that does not disclose the customer’s or employee’s identity);

6. Provision of information as a result of the succession of business due to a merger, company split, transfer of business or otherwise;

7. Provision of information in accordance with procedures based on laws and regulations, under the condition that the following information can be easily checked by the customer or employee themselves through the CYBERDYNE website, etc., and that the customer/employee has not declared their wish to refuse provision of their information:

① The purpose of obtaining information is to provide such information to a third party;

② The specific personal data items to be provided to a third party;

③ The means by which such personal information is provided to a third party;

④ The fact that the provision of information will be suspended upon the customer’s/employee’s request; and

⑤ The methods for accepting requests from customers/employees

Further, personal information of the customer/employee which includes sensitive information will not be provided to a third party for any reason, unless such provision is stipulated under the laws or regulations or consent is obtained from the customer/employee. Data sharing or provision to business entrusted companies shall not be considered as disclosure or provision to a third party.

7. Data Sharing

CYBERDYNE will share customer/employee information as follows:

(1) Scope of Data Sharing

CYBERDYNE, INC., its consolidated subsidiaries and affiliated companies accounted for by the equity-method as stated in the annual securities report, etc.

(2) Purpose of use by the user

1) Personal information of customers

1. For development of new services and products, etc.

2. For notification of new products and services

3. For delivery and transfer to relevant company in the event of an inquiry, application for use or other request from a customer regarding products and services provided by CYBERDYNE or its group companies

4. For appropriate and smooth fulfillment of other transactions with customers, etc.

2) Personal information of employees

For using personal information of employees such as information defined in “3. Purposes of using personal information” and to conduct business communications.

(3) Personal information items to be shared

1) Personal information of customers

Customer ID, customer name, gender, date of birth, address, telephone number, fax number, email address, business contact (name of company, department, title, address, telephone and fax numbers), mailing address, information on physical conditions or diseases related to service offered by CYBERDYNE, record of service use, vital information (heart rate, blood pressure, pulse), transaction history, etc.

2) Personal information of employees

Employee name, address, department, title and other basic information of the employee stated in “4. Obtaining personal information”

(4) Head of administration for data sharing

CYBERDYNE, INC.

8. Business entrustment

In providing products and services to customers or handling the personal information of employees, CYBERDYNE may entrust part of its business operations to third parties to which personal information may also be disclosed to the extent required to achieve the purposes of the entrustment. In these cases, CYBERDYNE will implement all appropriate measures in managing and supervising such third parties to safeguard the handling of customers’/employees’ personal information, including executing agreements on the handling of such personal information.

9. Transfer to outside of Japan

If CYBERDYNE provides customers’/employees’ personal information to third party business operators outside of Japan, including business entrusted companies and data sharing partners, CYBERDYNE will take necessary and appropriate measures in compliance with the laws and regulations.

10. Management of personal information

In receiving customers’/employees’ personal information, CYBERDYNE will manage such information according to the strictest standards and take the utmost care to prevent leaks, losses, or alterations. CYBERDYNE ensures that its officers and employees are properly trained regarding appropriate handling to safeguard the security of information identifying individual customers/employees. An appropriate retention period for personal information will be established in accordance with the purpose for which such information is used. After the purpose of the information has been achieved, CYBERDYNE will dispose of the information in question by appropriate methods.

11. Requests about handling of personal information

If CYBERDYNE receives a request from a customer/employee, submitted in the manner specified, regarding the disclosure, correction, deletion, addition, discontinuance, or erasure (hereinafter, “disclosure, etc.”) of such customer’s/employee’s personal information stored in a database held by CYBERDYNE, the request will be handled as follows, within a reasonable timeframe and scope, after confirming that the request was submitted by such customer/employee themselves.

(1) Request for disclosure

Personal information items will be disclosed in accordance with the customer’s/employee’s request.

(2) Request for correction, deletion, or addition

Correction, deletion or addition of personal information will be undertaken wherever possible after due review of the request.

(3) Request for discontinuance or erasure

The use of personal information items designated by customers/employees will be discontinued, and the relevant information erased if so desired, in accordance with the submitted request. However, please note that such requests may prevent customers from being provided with services that they have utilized, or may impede the provision of services in accordance with their wishes. For the employees, it may prevent them from engaging in company business.

CYBERDYNE may not be able to fulfill the customers’/employees’ requests if compliance with such request would seriously impede CYBERDYNE’s business operations or result in a violation of the laws and regulations.

12. Submission of request for disclosure, etc.

The method for submitting requests for disclosure, etc., or notification of purposes of use of personal information received by CYBERDYNE from a customer/employee is as follows:

(1) How to make requests

Please send the required documents by postal mail or e-mail to the address below.

Address:

Personal Information Handling Desk, Corporate Department

CYBERDYNE, INC.

2-2-1, Gakuen-minami, Tsukuba, Ibaraki, 305-0818, Japan.

E-MAIL:

privacy@cyberdyne.jp

(2) Documents required for confirmation of identification of individual, etc.

1) For the individual

Copies of two from the following: driver’s license, passport, health insurance certificate, basic resident registration card with photo, pension insurance booklet, physical disability certificate, resident card or special permanent resident certificate, certificate of seal registration, Individual Number Card (front side only)

2) For a representative (Both (a) and (b) below are required)

(a) Letter of proxy (legal representatives must provide a certifying document)

(b) Document to identify the representative (copies of two from the following: driver’s license, passport, health insurance certificate, basic resident registration card with photo, pension insurance booklet, physical disability certificate, resident card or special permanent resident certificate, certificate of seal registration, Individual Number Card [front side only])

(3) Fee

A fee may be charged depending on the type of request.

13. Modification of this Privacy Policy

CYBERDYNE may make modifications to this Privacy Policy. If modifications are made, details will be posted on the CYBERDYNE website (https://www.ccr-deutschland.de/en/), so please be sure to carefully read the contents of any changes made.

Chapter 2. Handling of personal information of EEA residents at CYBERDYNE

In addition to Chapter 1, Chapter 2 will also be applied to the handling of personal information of customers/employees residing in the European Economic Area, which consists of the European Union member States, Norway, Iceland and Liechtenstein (the “EEA”) based on the “REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC” (the “GDPR”). In the event of any provision of this chapter contradicting those of Chapter 1, the provisions of this chapter shall prevail. In particular, items 6. and 9. in Chapter 1 do not apply to the handling of personal information of customers and employees residing in the EEA.

1. Legal basis for handling personal information

CYBERDYNE handles personal information of its customers/employees based on their consent to this Privacy Policy. Furthermore, CYBERDYNE may utilize personal information for the purpose of achieving the rightful benefit of CYBERDYNE or a third party (including but not limited to the benefit generated by requests from customers to CYBERDYNE for the provision of its products and services and the benefit generated by the smooth maintenance of the employment relationship between CYBERDYNE and the employees’ management).

A guardian’s consent or permission to consent to this Privacy Policy must be obtained in the event of a customer under the age of 16 using CYBERDYNE’s services. The data subject’s consent to this Privacy Policy must be obtained in the event that a person such as a family member applies for CYBERDYNE’s services on behalf of the data subject.

2. Request about handling of Personal Information

An EEA resident has a right to withdraw their consent, request a copy of their personal information, request correction, request to delete or limit the usage of personal data, and request data portability to CYBERDYNE. Furthermore, an EEA resident may object to the handling of their personal information (including personal information handled by CYBERDYNE for direct marketing) if it is recognized by law.

If CYBERDYNE receives a request from an EEA resident, submitted in the manner specified, for copying, correcting, deleting and limiting the usage of their personal information, the request will be handled as follows, within a reasonable timeframe and scope, after confirming that the request was submitted by the customer/employee themselves according to Chapter 1, Article 11 (Request about handling personal information).

(1) Request for withdrawal

Personal information will be deleted or suspended in accordance with the customer’s or employee’s request, wherever possible and appropriate, after due review of the request.

However, please note that such requests may prevent customers from being provided with services that they had utilized, may impede the provision of services in accordance with their wishes, or may prevent employees from engaging in CYBERDYNE’s business.

(2) Request for data portability

A copy of the personal information held by CYBERDYNE will be provided in accordance with the customer’s/employee’s request, wherever possible and appropriate, after due review of the request.

(3) Objection to data processing

The use of personal information will be suspended, wherever possible and appropriate, after due review of a request therefor.

(4) Making a request or an objection

Customers/employees may submit such request by the method provided in Chapter 1, Article 12.

3. Transfers to outside the EEA

CYBERDYNE may provide the customers’/employees’ personal data to third parties, such as its affiliates, cloud vendors and outside contractors, etc. to implement the purposes of use specified above. Since countries located outside the EEA (including, without limitation, Japan and the U.S., the same shall apply hereafter) are among the locations of third parties to whom CYBERDYNE will disclose the personal data of the customers/employees, the customers/employees shall be deemed as having consented to the following matters by consenting to this Privacy Policy:

1. In the case that the country in which the third party is located is outside the EEA, such country does not have the same data protection laws as the EEA, and many of the rights provided in the EEA to the data subjects of the data will not necessarily be secured.

2. The customers’/employees’ personal data may be provided for the purposes specified above to the subsidiaries and affiliates of CYBERDYNE or third parties, outside the EEA.

4. Change of purposes of use of personal data

In the case of a change to the purposes of use of personal data, CYBERDYNE will announce the revised Privacy Policy in advance on the CYBERDYNE website (https://www.ccr-deutschland.de/en/). If the purposes of use after such change differ from the original purposes of use, CYBERDYNE will ask for consent from the customers/employees regarding the revised purposes of use.

5. Lodging a complaint with an authority

Customers/employees have the right to express a complaint on the processing of their personal data with the data protection authority having jurisdiction over their residence. Customers/employees are requested to use the following URL to contact the authority having jurisdiction over their residence: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

6. Holding period of personal information

CYBERDYNE will store personal information for 10 years after obtaining the information; provided, however, that this shall not apply in the case where CYBERDYNE is obliged or allowed to store the same for more than 10 years due to the provisions of laws or regulations or of contracts.

(as of October 17th, 2018)

How we deal with customer/employee personal information on our website

The following describes how we treat personal information gathered via the CYBERDYNE website. If a customer/employee wishes to know more about our general policy on privacy protection, etc. please refer to the CYBERDYNE Privacy Policy document.

1. Introduction

This document defines how CYBERDYNE deals with information gathered via the CYBERDYNE website and is based on the CYBERDYNE Privacy Policy. CYBERDYNE makes every effort to protect customer/employee privacy so that customers/employees can use the CYBERDYNE website with confidence and peace of mind.

By using the CYBERDYNE website the customer/employee is deemed to have understood and agreed to the following content:

2. Scope

This Privacy Policy only applies to use of the CYBERDYNE website (ccr-deutschland.de as the domain) and does not apply to sites managed by other companies. In order to provide useful information and services to the user, links to other websites are introduced on the CYBERDYNE site. This Privacy Policy does not apply to sites accessed via such links. We recommend that customers/employees check the privacy protection policies of each individual website.

3. Security

■ Security technology which protects personal information

To protect against illegal access by an unauthorized third party, personal information is encrypted using SSL (Secure Sockets Layer) encryption technology and other similar technology. This means that any information provided by customers/employees when using this site cannot be accessed by an unauthorized third party. Furthermore, a firewall, anti-virus measures and other reasonable security measures have been installed to prevent disclosure, appropriation, alteration, etc. of personal information.

Structure of SSL (Secure Sockets Layer)

With SSL, a digital “handshake” (by digital confirmation, digital signature) takes place between CYBERDYNE and the customer in which security is mutually confirmed, and upon mutual confirmation, the personal information of the customer is sent by the customer. At that time, the data is encrypted, and this prevents the data from being sent to any third-party identity thieves.

Moreover, the data transmitted through SSL is encrypted using two types of encryption, namely public key encryption (RSA) and a common key (private key) encryption scheme. A key is required to decrypt such information. Even when data is intercepted by a third party, such encrypted data may not be decrypted without the correct key. Even though the number of possible keys is limited, it will take an unrealistically long time to figure out the correct key by trying out each key in order, even electronically by using devices such as a personal computer, and thus it can be said that it is extremely difficult for a third party to decrypt the information.

4. Collection of data

■ Site access

So that our customers can use our website with greater ease, the information below is collected.

(1) Regarding use of Cookies*1

CYBERDYNE will collect Cookies for the purpose of providing the following information.

· Log-in data for online service provided by CYBERDYNE

· Data from personalized pages for customers

· Registration data including special campaigns, etc.

· Site access history (using Web beacon*2)

Customers may always block Cookies through their browser settings. It is recommended that customers set their browser to only accept cookies from websites they can trust. However, please be advised that without the cookie, the speed of the website may substantially decrease.

(2) Regarding use of IP Address *3

CYBERDYNE will collect IP addresses for the purpose of providing information suiting the customer’s region. When the customer views the CYBERDYNE website, the region the customer is accessing from will be determined based on the IP address, but the customer will not be identified.

■ Email

When CYBERDYNE sends e-mail to our customers, the following data may be collected:

· The status of HTML emails, i.e., whether they have been opened or previewed (using Web beacon*2)

· Whether our website has been accessed via a link in a text email or HTML mail.

*1 Cookies

1. A Cookie is a function by which the fact that the user visited a specific website is stored in the computer of such user. Information such as e-mail address or name which can identify the individual is not among the data collected through the Cookie.

2. CYBERDYNE may provide the information collected through the Cookie to any third party if it is within the scope necessary to achieve the purpose stated under (1) Regarding use of Cookies*1 of this Privacy Policy.

3. Users may select on their own, through the settings of the web browser they use, whether the Cookie may be used for each purpose. If the user accepts the Cookie and thereupon visits the CYBERDYNE website, it is deemed that the user agreed to CYBERDYNE’s use of the information that the user visited our website.

* In order to gain full advantage of our website, it is recommended that the user accepts the Cookie.

*2 Web beacon

Web beacon means a structure consisting of minute pictures invisible to the naked eye (1×1 pixel GIF) that are embedded into webpages or HTML emails and used to record the following data: opening/previewing of emails, and access to websites using links in emails.

*3 IP Address

This is a number automatically assigned when the customer visits various websites. The webserver (the computer providing the website) automatically recognizes the customer’s computer based on the IP address and connects.