GDPR Privacy Policy

 

Established: 1 April, 2005
Revised: 25 May, 2018
Revised: 26 September, 2018
Revised: 1 April, 2022

Rigaku Holdings Corporation
Chief Executive Officer
Toshiyuki Ikeda

 

This document governs the privacy policy, for individuals who reside outside of Japan, or of a non-Japanese entity of Rigaku Holdings Corporation and its direct and indirect subsidiaries (the "Rigaku Group", "the Group", "we", "us" or "our"), relating to the business and for the websites; https://www.rigaku.com, https://japan.rigaku.com/ja, https://www.rigakuoptics.com/, https://www.rigakuedxrf.com/index.php, https://rigakureagents.com/, https://rsmd.rigaku.com/.
Please read "Japan Privacy Policy for Personal Information Protection" if you are a Japanese resident, or if you would like to know the policy of a non-Japanese entity of Rigaku Group.
Our privacy policy tells you what personal data (PD) and non-personal data (NPD) we may collect from you, how we collect it, how we protect it, how we may share it, how you can access and change it, and how you can limit our sharing of it. This Privacy Policy is intended to assist you in making informed decisions when using the Sites and our Services. Please take a moment to read and understand it. Please note that it should be read in conjunction with our “Terms & Conditions". Our privacy policy also explains certain legal rights that you have with respect to your personal data. Any capitalized terms not defined herein will have the same meaning as where they are defined elsewhere on our website.

DEFINITIONS

'Non-personal data' (NPD) is information that is in no way personally identifiable. 'Personal data' (PD) means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. PD is in many ways the same as Personally Identifiable Information (PII). However, PD is broader in scope and covers more data. A "visitor" is someone who merely browses our website. A "member" is someone who has registered with us to use or buy our services and products. The term "user" is a collective identifier that refers to either a visitor or a member.

TOPICS COVERED IN OUR PRIVACY POLICY

1. Who Are We and What Do We Do?
2. How to Contact Us?
3. The Ways We Collect Your PD
4. What PD We Collect and How Your Data Is Used
5. Retaining and Destroying Your PD
6. Our Use of Cookies and Similar Technologies
7. Updating Your PD
8. Revoking Your Consent for Using Your PD
9. Protecting the Privacy Rights of Third Parties
10. Links to Other Websites
11. Protecting Children's Privacy
12. Our Email Policy
13. Our Security Policy
14. Use of Your Credit Card
15. How to Access Your Information and Your Other Rights
16. Transferring PD from the European Union
17. Handling of Anonymously Processed Information
18. Changes to Our Privacy Policy

1. WHO ARE WE AND WHAT DO WE DO?

The Sites and our Services are operated by Rigaku Group..

  • Rigaku Americas Holding Company, Inc. is the data controller responsible for your personal information outside of Japan.
  • The registered office of Rigaku Americas Holding Company, Inc. is at 9009 New Trails Drive, The Woodlands, TX 77381 USA.

2. HOW TO CONTACT US?

If you have any questions or complaints about this Privacy Policy or want to exercise your rights set out in this Privacy Policy, please contact to the followings;
Data Controller Contact Information

《Data Controller》
    Rigaku Holdings Corporation
    Compliance Committee Office
    3-9-12 Matsubara-cho, Akishima-shi, Tokyo 196-8666, Japan
    Tel: +81 3-3479-0618
    Email: p-info@rigaku.co.jp

《Data Controller in the United States》
    Rigaku Americas Holding Company, Inc.
    Corporate Marketing Division
    9009 New Trails Drive, The Woodlands, TX 77381 USA
    Tel: +1 281-362-2300
    Email: webmaster@rigaku.com

《Representative of Data Controller in the European Union》
    Rigaku Europe SE
    Hugenottenallee 167, Neu Isenburg 63263, Germany
    Tel: +49 6102 77999 51
    Email: rese@rigaku.com

When you or your agent request us the disclosure of PD, we reply without delay, except in the following cases;

  • cases in which there is a possibility of harming a principal or third party's life, body, fortune or other rights and interests
  • cases in which there is a possibility of interfering seriously with implementing our business properly
  • cases of violating other laws or regulations

Further, if you want to request the correction, addition or deletion of your PD with the reason that the content of your PD are not factual, and the utilization cease or deletion or ceasing a third-party provision of your PD with the reason of the violation of laws and regulations, please contact to the above. We confirm your identity and investigate and correspond to such request. If we cannot correspond to your request, we explain the reason.

 

3. THE WAYS WE COLLECT YOUR PD

Our legal basis for collecting and processing your PD is based on and the necessity for the performance of a contract or to take steps to enter into a contract.
What Happens If You Don't Give Us Your PD.
If you do not provide us with enough PD, we may not be able to provide you with all our products and services. However, you can access and use some parts of our website without giving us your PD.

We Collect Your PD in the Following Ways:

(I) When Entering And Using Our Website

We automatically receive information from your web browser or mobile device. This information includes the name of the website from which you entered our website, if any, as well as the name of the website you'll visit when you leave our website. This information also includes the IP address of your computer/the proxy server you use to access the Internet, your Internet service provider's name, your web browser type, the type of mobile device, your computer operating system, and data about your browsing activity when using our website. We use all this information to analyze trends among our users to help improve our website. Furthermore, when you enter and use our website and agree to accept cookies, some of these cookies may contain your PD. For detailed information, see our Cookie Policy.

(II) When Buying Products Or Services

If you buy products or services from us, we collect some or all of the following information: your first name, last name, user name, password, company, email address, phone number, street address, city, state, province region, zip code, postal code, credit card or other payment information. We need to collect and process your PD as a necessity for the performance of a contract or to take steps to entering into a contract at your request; otherwise we cannot provide our products and services you have requested or purchased from us.

(III) When Providing Customer Support For Our Products And Services

If you require support from us, we may collect information about the type of product(s) you purchased, the date you purchased it, the system serial number, the nature of the problem you are having, and other information.

(IV) Your California Privacy Rights

Under California Civil Code Section 1798.83 our customers and users who are California residents are permitted to request certain information about the types of information shared by us with third parties for their direct marketing purposes and the identities of those third parties. To make such a request, please send an email to: p-info@rigaku.co.jp or write us at the address described in "2. How to Contact Us?" above.


4. WHAT PD WE COLLECT AND HOW YOUR DATA IS USED

We use the information we receive from you to:

  • Verify your identity;
  • Provide our products and services you have requested or purchased from us;
  • Personalize and customize our content;
  • Make improvements to our website;
  • Contact you with updates to our website;
  • Resolve problems and disputes;
  • Provide to third party service providers within the necessary range for receiving the services; and
  • Contact you with marketing and advertising that we believe may be of interest to you.

We have set out below, in a table format, a more granular description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

(1) Verify your identity

(a) To register you as a new customer, supplier, distributor or agent
(b) To register you as a potential customer
(c) To enable you to partake in a prize draw or competition

(a) Identity
(b) Contact
(c) Profile
(d) Provision of our products/services
(e) Usage of our products/services
(f) Marketing and Communications

(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to acquire a potential customer for our products/services)

(2) Provide our products and services you have requested or purchased from us

(a) To deliver our products/carry out our services
(b) To process and deliver your order and ask for payment:
 ・Manage payments, fees and charges
 ・Collect and recover money owed to us

(a) Identity
(b) Contact
(c) Financial
(d) Transaction or deliver our products/services
(e) Marketing and Communications

(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)

(3) Personalize and customize our content, such as

(a) Asking you to leave a review or take a survey for your usage of our products/services
(b) Customizing our contents under such review or survey

(a)Identity
(b)Contact
(c) Profile
(d) Usage of our products/services
(e) Marketing and Communications

(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to improve our website and our products/services for the convenience to customers)

(4) Make improvements to our website, such as

(a) Asking you to leave a review or take a survey for your usage of our products/services
(b) To check the record of the access to our site

(a) Identity
(b) Contact
(c) Profile
(d) Usage of our website and products/services
(e) Marketing and Communications

(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how customers use our website, to develop them and grow our business)

(5) Contact you with updates to our website, such as

(a) Notifying you about changes to our terms or privacy policy
(b) To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity
(b) Contact
(c) Technical
(d) Usage of our website and products/services

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation

(6) Resolve problems and disputes, such as

(a) Resolution of the problem between you and us
(b) Resolution of the problem of our website

(a) Identity
(b) Contact
(c) Technical
(d) Usage of our website and products/services

(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to investigate your claim for our products/services)
(c) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security)

(7) Provide to third party service providers within the necessary range for receiving the services, such as

(a) To entrust the manufacturing of our products or the provision of our services to third-party service providers, as necessary
(b) To entrust the maintenance of this website to third-party service providers, as necessary

(a) Identity
(b) Contact
(c) Profile
(d) Usage of our website and products/services
(e) Technical

 

(a) Performance of a contract with you
(b) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security)

(8) Contact you with marketing and advertising that we believe may be of interest to you, such as

(a) To make suggestions and recommendations to you about goods or services that may be of interest to you
(b) To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

(a) Identity
(b) Contact
(c) Profile
(d) Usage of our website and products/services
(e) Marketing and Communications
(f) Technical

(a) Necessary for our legitimate interests (to develop our products/services and grow our business)
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

(I) Promotional Offers From Us

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.

(II) Third-Party Marketing

We will get your express opt-in consent before we share your personal data with any company outside the Rigaku Corporation group of companies for marketing purposes.
You can change your contact preferences at any time through your account or by sending us an email with your request to: p-info@rigaku.co.jp.

(III) Your Receipt Of Marketing Message

You can ask us or third parties to stop sending you marketing messages at any time by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.

(IV) Sharing Information With Affiliates And Other Third Parties

We may have to share your personal data with the parties set out below for the purposes set out in the table in Article 4 above.

 

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Further, in case that we entrust the processing of your PD to the third-party service providers, we select the third-party service providers who can maintain the appropriate or suitable technical and physical safeguards, and control and supervise such third-party service providers. We do not sell or rent your PD to third parties for marketing purposes. We may provide any kind of your PD, which are described in Article 4 (WHAT PD WE COLLECT AND HOW YOUR DATA IS USED) above and except the "special care-required personal information", such as your first name, last name, email address, phone number, street address, city, state, province region, cookies, and IP address to third-party service providers we hire to provide services to us by emails, internet, etc. without your consent. These third-party service providers may include but are not limited to: payment processors, all centers, data management services, help desk providers, accountants, law firms, auditors, shopping cart and email service providers, and shipping companies. We maintain the appropriate or suitable technical and physical safeguards in relation to the provision of your PD to such third-party service providers. Whenever you request us the discontinuance of the provision of your PD to such third-party service providers, we shall respond promptly in accordance with laws and regulations. If you want to obtain a copy of such safeguards or discontinue the provision of your PD to third-party service providers, send us an email with your request to p-info@rigaku.co.jp.
When we provide your PD to any third-party service providers, or receive PD from any third-party, we make a record of such provision or receipt. Further, when we receive PD from any third-party, we shall check the circumstances of obtaining such PD.

(V) Legally Required Releases Of Information

We may be legally required to disclose your PD if such disclosure is (a) required by judicial order, law, or other legal process; (b) necessary to assist law enforcement officials or government enforcement agencies; (c) necessary to investigate violations of or otherwise enforce our Legal Terms; (d) necessary to protect us from legal action or claims from third parties, including you and/or other users or members; or (e) necessary to protect the legal rights, personal/real property, or personal safety of our company, users, employees, and affiliates.

(VI) Disclosures To Successors

If our business is sold or merges in whole or in part with another business that would become responsible for providing the website to you, we retain the right to transfer your PD to the new business. The new business would retain the right to use your PD according to the terms of this privacy policy as well as to any changes to this privacy policy as instituted by the new business. We also retain the right to transfer your PD if our company files for bankruptcy and some or all of our assets are sold to another individual or business.

(VII) Community Discussion Boards

Our website offers the ability for users to communicate with each other through online community discussion boards, blogs, or other mechanisms. We do not filter or monitor what is posted on such discussion boards. If you choose to post on these discussion boards, you should use care when exposing any PD, as such information is not protected by our privacy policy nor are we liable if you choose to disclose your PD through such postings. Also, PD you post on our website for publication may be available worldwide by means of the Internet. We cannot prevent the use or misuse of such information by others.


5. RETAINING AND DESTROYING YOUR PD

In some circumstances you can ask us to delete your data: see "Your right to erasure" in Article 15 below for further information. In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. When your information is no longer necessary for the processing purposes for which the information was collected, we will destroy, delete, or erase it, unless there is no legal obligation to retain the information.


6. OUR USE OF COOKIES AND SIMILAR TECHNOLOGIES

Our Sites use certain cookies, pixels, beacons, log files and other technologies of which you should be aware. Please see our Cookie Policy to find out more about the cookies we use and how to manage and delete cookies. You can also limit the collection of information by third-party partners by visiting the Cookie Consent page.


7. UPDATING YOUR PD

We maintain your PD correctly and update to the latest information, as long as we acknowledge. You can update your PD using services found on our website. If no such services exist, you can contact us using the contact information found at the top of this policy and we will help you. However, we may keep your PD as needed to enforce our agreements and to comply with any legal obligations.


8. REVOKING YOUR CONSENT FOR USING YOUR PD

You have the right to revoke your consent for us to use your PD at any time. Provided, however that such an opt out will not affect disclosures otherwise permitted by law including but not limited to: (i) disclosures to affiliates and business partners, (ii) disclosures to third-party service providers that provide certain services for our business, such as credit card processing, computer system services, shipping, data management services, (iii) disclosures to third parties as necessary to fulfill your requests, (iv) disclosures to governmental agencies or law enforcement departments, or as otherwise required to be made under applicable law, or (v) previously completed disclosures to third parties. If you want to revoke your consent for us to use your PD, send us an email with your request to: p-info@rigaku.co.jp.


9. PROTECTING THE PRIVACY RIGHTS OF THIRD PARTIES

If any postings you make on our website contain information about third parties, you must make sure you have permission to include that information in your posting. While we are not legally liable for the actions of our users, we will remove any postings about which we are notified, if such postings violate the privacy rights of others.


10. LINKS TO OTHER WEBSITES

Our website may contain links to other websites. These websites are not under our control and are not subject to our privacy policy. These websites will likely have their own privacy policies. We have no responsibility for these websites and we provide links to these websites solely for your convenience. You acknowledge that your use of and access to these websites are solely at your risk. It is your responsibility to check the privacy policies of these websites to see how they treat your PD.


11. PROTECTING CHILDREN'S PRIVACY

Even though our website is not designed for use by anyone under the age of 16, we realize that a child under the age of 16 may attempt to access our website. We do not knowingly collect PD from children under the age of 16. If you are a parent or guardian and believe that your child is using our website, please contact us. When we receive your notice of the use of our website by a child, before we remove any information, we may ask for proof of identification to prevent malicious removal of account information. If we discover that a child is accessing our website, we will delete his/her information within a reasonable period of time. You acknowledge that we do not verify the age of our users nor do we have any liability to do so.


12. OUR EMAIL POLICY

You can always opt out of receiving further email correspondence from us or our affiliates. We will not sell, rent, or trade your email address to any unaffiliated third party without your permission except in the sale or transfer of our business, or if our company files for bankruptcy.


13. OUR SECURITY POLICY

We are committed to keeping the personal information you provide to us secure and we will take reasonable precautions to protect your personal information from loss, misuse or alteration. We have implemented information security policies, rules and technical measures to protect the personal information that we have under our control from:

 

All of our employees and data processors (i.e. those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of the personal information of all users of our Services. In case that the incident to PD (leakage, loss, damage and infringement) occurs (including the case of the possibility of such incident), we immediately investigate the fact and the reason of such incident, and take measures to prevent recurrence, and report to the supervisory authority and you in accordance with the relevant laws and regulations.


14. USE OF YOUR CREDIT CARD

You may have to provide a credit card to buy products and services from our website. When we collect your credit card information through our website, we will encrypt it before it travels over the Internet using industry-standard technology for conducting secure online transactions. Unfortunately, we cannot guarantee against the loss or misuse of your PD or secure data transmission over the Internet because of its nature. We strongly urge you to protect any password you may have for our website and to not share it with anyone. You should always log out of our website when you finish using it, especially if you are sharing or using a computer in a public place. We use third-party billing services and have no control over these services. We use our commercially reasonable efforts to make sure your credit card number is kept strictly confidential by using only third-party billing services that use industry-standard encryption technology to protect your credit card number from unauthorized use. However, you understand and agree that we are in no way responsible for any unauthorized use or misuse of your credit card number by third-party billing services.


15. HOW TO ACCESS YOUR INFORMATION AND YOUR OTHER RIGHTS

You have the following rights in relation to the personal information we hold about you:

  • Your Right Of Access.
    If you ask us, we'll confirm whether we're processing your personal information and, if so, provide you with a copy of that personal information (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
  • Your Right To Rectification.
    If the personal information we hold about you is inaccurate or incomplete, you're entitled to have it rectified. If we've shared your personal information with others, we'll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we'll also tell you who we've shared your personal information with so that you can contact them directly.
  • Your Right To Erasure.
    You can ask us to delete or remove your personal information in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable). If we've shared your personal information with others, we'll let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we'll also tell you who we've shared your personal information with so that you can contact them directly.
  • Your Right To Restrict Processing.
    You can ask us to 'block' or suppress the processing of your personal information in certain circumstances such as where you contest the accuracy of that personal information or you object to us processing it. It won't stop us from storing your personal information though. We'll tell you before we lift any restriction. If we've shared your personal information with others, we'll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we'll also tell you who we've shared your personal information with so that you can contact them directly.
  • Your Right To Data Portability.
    You have the right, in certain circumstances, to obtain personal information you've provided us with (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
  • Your Right To Object.
    You can ask us to stop processing your personal information, and we will do so, if we are:
     ・relying on our own or someone else's legitimate interests to process your personal information, except if we can demonstrate compelling legal grounds for the processing; or
     ・processing your personal information for direct marketing.
  • Your Rights In Relation To Automated Decision-Making And Profiling.
    You have the right not to be subject to a decision when it's based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.
  • Your Right To Withdraw Consent.
    If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time. When you withdraw your consent for our processing your personal data, please instruct us by sending email at p-info@rigaku.co.jp. However, if you do so, you may not be able to use our website or our services further. For details about your rights under the GDPR, visit https://goo.gl/F41vAV
  • Your Right To Lodge A Complaint With The Supervisory Authority.
    If you have a concern about any aspect of our privacy practices, including the way we've handled your personal information, you can report it to the Data Protection Authorities. You can find details about how to do this at https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en


16. TRANSFERRING PD FROM THE EUROPEAN UNION

We share your personal data within the Rigaku Group. This will involve transferring your data outside the European Economic Area (EEA). PD that we collect from you may be stored, processed, and transferred between any of the countries in which we operate, more specifically US. The European Union has not found US and some other countries to have an adequate level of protection of PD under Article 45 of the GDPR. Our company relies on transfers subject to appropriate safeguards as defined in Article 46 of the GDPR or derogations for specific situations as defined in Article 49 of the GDPR. For European Union customers and users, with your consent, your PD may be transferred outside the European Union to US and other countries that the European Union has not found to have an adequate level of protection of PD. We will use your PD to provide the goods, services, and/or information you request from us to perform a contract with you or to satisfy a legitimate interest of our company in a manner that does not outweigh your freedoms and rights. Wherever we transfer, process or store your PD, we will take reasonable steps and measures to protect it. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring we use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. If you want to know such reasonable steps and measures, send us an email with your request to: p-info@rigaku.co.jp, we will provide a copy of which such reasonable steps and measures are described. We will use the information we collect from you in accordance with our privacy policy. By using our website, services, or products, you agree to the transfers of your PD described within this section.


17. HANDLING OF ANONYMOUSLY PROCESSED INFORMATION

(I) Creation Of Anonymously Processed Information

When creating anonymously processed information (information relating to an individual that can be created from processing personal data, by taking action stipulated in laws and regulations so as to make it impossible either to identify a specific individual or to restore the original personal data), we will observe the following requirements:


(II) Provision Of Anonymously Processed Information

When providing anonymously processed information to a third party, we will, in accordance with standards stipulated in laws and regulations, disclose to the public the items of information relating to an individual contained in such anonymously processed information as well as the method of provision, and we will state to the third party explicitly to the effect that the information being provided is anonymously processed information.


18. CHANGES TO OUR PRIVACY POLICY

We reserve the right to change this privacy policy at any time. If our company decides to change this privacy policy, we will post those changes on our website so that our users and customers are always aware of what information we collect, use, and disclose. If at any time we decide to disclose or use your PD in a method different from that specified at the time it was collected, we will provide advance notice by email (sent to the email address on file in your account). Otherwise, we will use and disclose our users' and customers' PD in agreement with the privacy policy in effect when the information was collected. In all cases, your continued use of our website, services, and products after any change to this privacy policy will constitute your acceptance of such change.