Privacy Policy Privacy Policy

We believe that we have an important responsibility to properly manage personal information handled in connection with our business, and in addition to complying with laws, regulations, and other standards related to the protection of personal information, we have established the following policy to protect personal information.

Article 1. Appropriate Acquisition and Use of Personal Information

We establish the following Privacy Policy (hereinafter referred to as "this policy") with respect to the protection of our customers' personal information. We will handle personal information obtained by fair and lawful means only within the scope of the purposes for which it is used. The terms used in this policy shall have the meanings ascribed to them under the Act on the Protection of Personal Information (hereinafter referred to as the "Personal Information Protection Act").

Article 2. Personal Information to Be Obtained

  1. We obtain the following personal information concerning our customers:
    1. Information on personal attributes
      Name, address, postal code, gender, date of birth, telephone number, email address, account ID and password, information on public certificates such as licenses and residence certificates, information on shareholders, etc.
    2. Transaction information
      Information on the details of transactions, etc.
    3. Settlement information
      Information on financial institution accounts, settlement and its methods, etc.
    4. Physical and health information (medical examinations of employees to determine fitness for work, information collected in connection with individual participation in clinical trials, etc.)
    5. Biometric information (such as when required to authenticate an individual identity)
    6. Education, employment information, background, and credentials (for job applicants and employees)
    7. Personally identifiable photos/videos (for promotional purposes, etc.)
    8. Other information (information regarding inquiries and other contacts from customers to our company, etc.)
  2. We may create pseudonymized personal information concerning our customers or obtain such information from third parties. The pseudonymized personal information refers to information concerning an individual obtained by processing personal information so that a specific individual cannot be identified unless it is checked against other information.
  3. Except in the following cases, we shall not obtain special care-required personal information without obtaining the prior consent of the principal.
    1. Cases based on laws and regulations
    2. Cases where it is necessary for the protection of the life, body, or property of a person, and where it is difficult to obtain the consent of the principal
    3. Cases where it is particularly necessary for the improvement of public health or the promotion of sound development of children, and where it is difficult to obtain the consent of the principal
    4. Cases where it is necessary to cooperate with a national government agency, a local government, or a person entrusted thereby in executing affairs prescribed by laws and regulations, and where obtaining the consent of the principal is likely to hinder the execution of said affairs
    5. Cases where the special care-required personal information is disclosed by the principal, a national government agency, a local government, a person listed in each item of Article 76, paragraph (1) of the Personal Information Protection Act, or other person prescribed by the Personal Information Protection Commission rules
    6. Other cases specified by Cabinet Order pursuant to Article 17, paragraph (2), item (vi) of the Personal Information Protection Act as equivalent to the cases set forth in the preceding items

Article 3. Purpose of Use

We use the following customer personal information or pseudonymized personal information solely for the purposes listed in each item below (hereinafter referred to as the "purposes of use").

  1. Personal information concerning physicians, dentists, pharmacists, pharmacies, drugstores, and other healthcare professionals
    1. Provision, collection, and review of information on proper use of pharmaceuticals manufactured and sold by our company (hereinafter referred to as "pharmaceuticals, etc.")
    2. Provision, collection, and review of information on the quality, safety, and efficacy of pharmaceuticals, etc.
    3. Surveys and research in the medical and pharmaceutical fields
    4. Provision, investigation, collection, and review of medical and academic information related to pharmaceuticals, etc. (including implementation of questionnaires, etc.)
    5. Request and implementation of investigation after clinical trials / manufacturing and selling, etc.
    6. Guidance, request, and implementation of lectures, explanatory meetings, etc.
    7. Request and implementation of manuscript writing, advisory services, etc.
    8. Member authentication and contact on Internet sites for healthcare professionals
    9. Notification and reporting to government offices, public organizations, financial instruments exchanges, etc.
    10. Sending of various greetings, etc.
    11. Review, investigation, and response to various inquiries and communications, etc. (including the cases through a call center entrusted by our company and through Internet sites established and operated by our company)
    12. Provision of information on our company or our products on Internet sites established and operated by our company
    13. Introduction and transfer of pharmaceuticals, etc.
    14. Exchange of safety information with overseas affiliated companies and partner companies
    15. Survey and analysis of demand, interest, and other matters in pharmaceuticals, medical devices, etc. and formulation of marketing strategies
  2. Personal information concerning users of our contact (including call centers entrusted by our company) for inquiries about pharmaceuticals, etc.
    1. Review, investigation, and response to the content of consultations, communications, and other matters
    2. Contacting and providing information of products to marketing authorization holders, manufacturers, distributors, and healthcare professionals, etc.
    3. Notification and reporting to government offices, public organizations, etc.
  3. Personal information concerning shareholders
    1. Preparation of shareholder data and other shareholder management
    2. Response to exercise of shareholders' rights under the Companies Act and other laws and regulations
    3. Fulfillment of obligations under the Companies Act and other laws and regulations
    4. Sending of business reports and other distributed materials
    5. Payment of dividends
  4. Personal information concerning officers and employees of companies that have business relationships with our company, as well as officers and employees of public servants, incorporated administrative agencies, and other corporations and organizations that have a business or industry relationship
    1. Communication, consultation, review, and management of business partners related to business transactions, business operations, or industry activities
    2. Provision, collection, and review of information on proper use of pharmaceuticals, etc.
    3. Provision, collection, and review of information on quality, safety, and efficacy of pharmaceuticals, etc.
    4. Provision, collection, and review of medical and academic information related to our products
    5. Notification and reporting to government offices, public organizations, etc.
    6. Sending of various greetings, etc.
  5. Personal information concerning job applicants
    1. Recruitment process
    2. Communication related to recruitment process
    3. Implementation of onboarding procedures and communications related to onboarding procedures
    4. Verification and analysis of recruitment process and reference for future recruitment process
    5. Personnel management after joining the company
  6. Personal information concerning employees (including retirees) and their families
    1. Planning, review, management, and other operations of organization, human resources, evaluation, capacity development, welfare, health and safety, and other matters at our company and affiliated companies of our company
    2. Payment of salaries, pensions, etc.
    3. Communication and provision in connection with various procedures to the ODC (Organization Development Committee), shareholding associations, health insurance societies, subsidiaries, affiliated companies, and companies to which employees are seconded
    4. Communication to the principal or family in an emergency
    5. Implementation of various post-retirement procedures
    6. Management of retirees, etc.
    7. Notification and reporting to government offices, public organizations, etc.
    8. Management of male alumni associations, female alumni associations, and other associations for retired employees
  7. Personal information obtained through PR and IR activities
    1. Provision of information on PR and IR activities
    2. Sending of PR and IR materials, etc.
    3. Review, investigation, and response to various inquiries, communications, and other content
  8. Medical records and test results of participants in clinical trials and other clinical research
    1. Response to concerns of participants and provision of compensation in the event of adverse health effects or side effects
    2. Application by our company or companies (including group companies) that have a license agreement with our company for approval review of pharmaceuticals to regulatory authorities such as the Ministry of Health, Labour and Welfare (including regulatory authorities outside Japan)
    3. Research contributing to health promotion and the study of new pharmaceutical developments at our company and group companies in Japan and overseas

Article 4. Provision of Personal Data to Third Parties for Shared Use

  1. We will not provide personal data to third parties without obtaining the consent of the principal in advance, except in the following cases:
    1. Cases based on laws and regulations
    2. Cases where it is necessary for the protection of the life, body, or property of a person, and where it is difficult to obtain the consent of the principal
    3. Cases where it is particularly necessary for the improvement of public health or the promotion of sound development of children, and where it is difficult to obtain the consent of the principal
    4. Cases where it is necessary to cooperate with a national government agency, a local government, or a person entrusted thereby in executing affairs prescribed by laws and regulations, and where obtaining the consent of the principal is likely to hinder the execution of said affairs
    5. Cases where settlement information is disclosed or provided to settlement companies
    6. Cases where statistical data or other data is disclosed or provided in a state in which the principal cannot be identified
  2. In the following cases, a person who receives the provision of personal data shall not be regarded as a third party with regard to the application of the provisions of the preceding paragraph.
    1. Cases where the personal data is provided in association with the entrustment of all or part of the handling of the personal data within the scope necessary for the achievement of the purpose of use
    2. Cases where the personal data is provided in association with the succession of business due to a merger or other reason
    3. Cases where personal data to be shared with a specific person is provided to the specific person, and the principal is notified in advance of the following matters or the data is put in a state where the principal can easily know it*
      1. The fact that shared use will be made
      2. Items of personal data to be shared
      3. Scope of shared users
      4. Purpose of use of the user
      5. Name or title of person responsible for management of the personal data

* Shared use
We will share and jointly use the medical database managed by Nihon Ultmarc Inc. with the company and its members regarding personal data concerning healthcare professionals. For information on the items of shared personal data, the purpose of use, and the scope of shared users, visit the website of Nihon Ultmarc Inc. (https://www.ultmarc.co.jp/privacy/shared_use/index.html).

Article 5. Restriction on Provision to Third Party Outside Japan

Except for the cases set forth in each item of paragraph 1 of the preceding article and the following cases, we shall not provide personal data to any third party outside Japan without obtaining the consent of the principal to the effect that the provision to the third party outside Japan is permitted in advance.

  1. Cases where information such as medical records and test results of participants in clinical trials and other clinical research is provided to regulatory authorities such as the Ministry of Health, Labour and Welfare (including regulatory authorities outside Japan) for approval reviews of pharmaceuticals
  2. Cases where pseudonymized personal information, such as medical records and test results of participants in clinical trials and other clinical research, is provided to companies (including group companies) outside Japan that have a license agreement with our company, affiliated companies such as testing companies, subcontractors, academic research institutions, academic societies, or researchers

Article 6. Pseudonymized Personal Information

We may create and use pseudonymized personal information in such a way that a specific individual cannot be identified unless it is checked against other information. We may also obtain customer information from third parties that has already been pseudonymized. The pseudonymized personal information refers to information concerning an individual obtained by processing personal information so that a specific individual cannot be identified unless it is checked against other information.

  1. When we process the information, we will apply the processing method in accordance with the following rules provided by the Personal Information Protection Commission. We will delete all or part of the descriptions or other content contained in personal information that can be used to identify a specific individual.
  2. We will use pseudonymized personal information only within the company and will not provide it to third parties except in cases pursuant to laws and regulations and in cases of Article 5 (1) and (2).
  3. When using pseudonymized personal information, we will not check with personal information used to create pseudonymized personal information and will not use pseudonymized personal information to contact the principal.
  4. We will take safety management measures to prevent the leakage of deleted information and other materials used to create pseudonymized personal information.

Article 7. Anonymized Processed Information

We may create or use anonymized processed information that has been processed in a proper manner to make it impossible to identify individuals or restore personal information in accordance with laws and regulations. We may also obtain information from third parties that has already been anonymized. Anonymized processed information refers to information concerning an individual obtained by processing personal information so that a specific individual cannot be identified and the personal information cannot be restored.

  1. We will apply the processing method in accordance with the following rules provided by the Personal Information Protection Commission.
  2. When processing, we will take safety management measures for information and other content on processing methods and other items.
  3. We may provide anonymized processed information to third parties (including third parties outside Japan). Items of personal information included in anonymized processed information to be created, used, and provided and the method of providing anonymized personal information are as follows.
    1. Items of personal information: Date of birth / age, gender, medical treatment information (disease information, drug information, examination information, admission/discharge information, etc.), medical insurance qualification information (enrollment period, etc.), health checkup information (medical history, examination results, etc.)
    2. Method of providing anonymized processed information: The information will be provided either by uploading to a server or by providing it on an external recording medium such as a DVD, protected by a password or under an environment in which appropriate security protection is ensured.

Article 8. Security Control Measures for Personal Data

We take appropriate security management measures to ensure the accuracy of personal data and to prevent unauthorized external access, leakage, alteration, damage, or loss. We have also established internal rules to ensure appropriate management, and we will ensure that all our company employees are aware of them.

Article 9. Inspection and Review of Handling of Personal Data

We will periodically check the status of the handling of personal data and make improvements as necessary.

Article 10. Disclosure of Retained Personal Data, etc.

With regard to the personal data held by our company, if the principal requests the notification of the purpose of use, or requests the disclosure, correction, or suspension of use of the personal data, we will take necessary actions in accordance with laws and regulations after confirming the identity of the principal.

Article 11. Changes to This Policy

We may change this policy as necessary, and if any changes are made, we will post such changes on our company website. Customers should carefully review the current content of this policy.

Article 12. Individual Privacy Policy

We may establish privacy policies other than this policy ("individual privacy policy") in accordance with the characteristics of the services provided by our company and customer attributes to which foreign laws other than the Personal Information Protection Act apply. This policy complements the individual privacy policy; however, if there is a conflict between this policy and the individual privacy policy, the individual privacy policy will prevail.