ITOCHU Corporation (hereinafter referred to as the “Company”, “we”, or “us”) sets forth the following privacy policy (hereinafter referred to as the "Policy") with regards to the handling of Personal Data (as defined below) of the users (hereinafter referred to as the "Users") of the services (hereinafter referred to as the "Services") provided via the Natural Rubber Traceability System (hereinafter referred to as "Itochu Traceability System").
The purpose of this Policy is to inform you (the Users) as to how the Company conducts the Personal Data processing, including but not limited to the management, collection, use, analysis, transfer, storage, disclosure, and removal of Personal Data relating to Users. In Singapore, such activities are subject to the Personal Data Protection Act (No. 26 of 2012) (the “PDPA”). In Indonesia, such activities are subject to Law No. 11 of 2008 on Electronic Information and Transaction as amended by Law No. 19 of 2016, Government Regulation No. 71 of 2019 on Implementation of Electronic Transaction and System, Minister of Communication and Informatics Regulation No. 5 of 2020 on Private Electronic System Providers as amended by Minister of Communication and Informatics Regulation No. 10 of 2021 and Minister of Communication Informatics Regulation No. 20 of 2016 on Personal Data Protection on Electronic System (collectively referred to as “Indonesian Data Protection Laws”). We conduct our business in compliance with the PDPA and Indonesian Data Protection Laws and have implemented various measures to ensure that any Personal Data relating to you remains safe and secure.
By using Itochu Traceability System, interacting with us, submitting information to us, or taking any other action indicating your intent to do so, Users hereby declare that he/she has been duly notified and informed on the terms of this Policy, as well as agree and consent to the Company and our affiliates and other related persons, whether overseas or otherwise (including but not limited to affiliates in Singapore and Indonesia and any of our or their agents, representatives or authorised service providers or any other persons acting on our or their behalf) – among others collecting, using and disclosing your Personal Data in the manner set forth in this Policy.
For the avoidance of doubt, this Policy supplements but does not supersede or replace any other consents which Users may have previously provided to us, or which Users may specifically provide us.
1.1 The term "Personal Data" means any data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access, including data in our records as may be updated from time to time, both directly and indirectly through an electronic system and a non-electronic system. Personal Data may include information such as name, date of birth, address, telephone number, contact information, e-mail address, bank account data, ID information (including KTP number), or other description contained in such information that can be used to identify a specific living individual (personal identification information).
2.1. We may collect Personal Data from or about you as may be necessary for the Purpose of Use (as defined in Article 3.1 below) such as your name, date of birth, address, telephone number, e-mail address, bank account number, KTP number, etc. when you register to use Itochu Traceability System or when you submit your Personal Data to us for any other reason related to your use of Itochu Traceability System, including but not limited to when you contact us for enquiries or to request for assistance. In addition, all information on Itochu Traceability System (i.e., transaction records and settlement information, including Personal Data of Users) may be recorded for the Purpose of Use.
2.2 We may collect or use Personal Data, or disclose existing Personal Data for secondary purposes that differ from the Purpose of Use. If we intend to rely on deemed consent by notification for such secondary purposes, we will notify you of the proposed collection, use or disclosure of this Personal Data through appropriate mode(s) of communication. Before relying on deemed consent by notification, we will assess and determine that the collection, use and disclosure of the Personal Data will not likely have an adverse effect on you. You will be given a reasonable period to inform us if you wish to opt-out of the collection, use and disclosure of your Personal Data for such purposes. After the lapse of the opt-out period, you may notify us that you no longer wish to consent to the purposes for which your consent was deemed by notification by withdrawing your consent for the collection, use or disclosure of your Personal Data in relation to those purposes.
2.3 In compliance with the PDPA, we may collect, use or disclose the Personal Data of the Users in Singapore without his/her consent for the legitimate interests of us or another person. In relying on the legitimate interests exception of the PDPA, we will assess the likely adverse effects on the individual and determine that the legitimate interests outweigh any adverse effect.
2.4 We may collect your Personal Data from third parties (including, but not limited to, agents, contractors, partners, payment service providers, government data sources, financial providers, credit agencies, etc.).
2.5. Users shall register and submit Personal Data that is accurate and not misleading, and we may conduct the necessary procedures in order to verify the Personal Data provided by Users, either as part of the user verification process or as required by law.
2.6. If a user elects not to provide his/her Personal Data, we may not be able to provide the User with access to the Services.
3.1 The purposes for which we collect and use Personal Data (hereinafter referred to as the "Purpose of Use") are as follows:
3.2 We will not use Personal Data relating to you for purposes which we are not permitted to or required under the PDPA or Indonesian Data Protection Laws or any other applicable laws.
4.1 Where we change the Purpose of Use of Personal Data for purposes which we have not informed you or have not obtained your consent, we will notify you or make public on Itochu Traceability System such purposes and obtain your fresh consent for use and disclosure for the new purpose.
4.2 Where (a) the new purposes are within the scope of the Purpose of Use
for which you had originally been informed, (b) consent can be deemed to
be given by you in accordance with the PDPA and Indonesian Data Protection
Laws, or (c) where the purpose falls within the exceptions from consent
pursuant to the PDPA, we will not obtain fresh consent from you.
Itochu Traceability System
5.1 We will not provide Personal Data to any third party without obtaining the prior consent of the User(s) save for the cases below and/or where such provision is permitted by the PDPA or other laws and regulations (for Users in Singapore only):
5.2 Personal Data shall only be disclosed to the above-mentioned parties for the Purpose of Use (save for pursuant to Articles 5.1(a), (b), (e) and (f)). We will not disclose Personal Data relating to you for purposes which we are not permitted to or required under the PDPA, Indonesian Data Protection Laws, or any other applicable laws.
5.3 In some cases, we may encrypt, anonymize, and aggregate Personal Data before disclosing it. Anonymizing means stripping the information of personally identifiable features. Aggregating means presenting the information in groups or segments (e.g. age groups).
5.4 In the event that we transfer Personal Data of Users in Singapore
overseas, we will ensure that the recipient overseas organisations will
provide a standard of protection to Personal Data so transferred that is
comparable to the protection in accordance with the PDPA or otherwise in
accordance with the PDPA or applicable laws. With regards to overseas
transfer of Personal Data of Users in Indonesia, in accordance with the
provision under Article 22 of the Minister of Communication and
Informatics Regulation No. 20 of 2016, we will:
6.1 You represent that the Personal Data that you provide to us is accurate and complete. Your failure to provide accurate and complete Personal Data may result in our inability to provide you with, or delay in our provision of, the Services.
6.2 When you provide us with any Personal Data relating to a third party (including your spouse, children, parents and/or employees), you represent to us that you have obtained the consent of the third party to provide us with their Personal Data unless otherwise provided in the PDPA and/or Indonesian Data Protection Laws.
6.3 If you discover that any of your Personal Data in our possession is incorrect, you must immediately change it via Itochu Traceability System.
6.4 If there is any Personal Data relating to you that you are unable to update and which you wish to make corrections to, you may contact our Data Protection Officer (whose details are set out below) and we will be happy to help you as best as we can.
6.5 If you wish to access the Personal Data that we have relating to you, inquire about the way in which Personal Data relating to you has been used or disclosed by us in the past year, or wish to withdraw your consent to our use of such Personal Data, you may contact our Data Protection Officer (whose details are set out below) and we will seek to attend to your request as best as we reasonably can. Please note that:
7.1. To protect your Personal Data from unauthorized access, collection, use, disclosure, processing, copying, alteration, disposal, loss, misuse, modification, or similar risks, we have implemented the following administrative, physical, and technical measures:
7.2. However, transfer and electronic storage methods over the Internet are not completely secure. Although security cannot be guaranteed, we strive to protect Personal Data and regularly review and enhance information security measures.
7.3 Please note that to the fullest extent permitted by law, we will not be held liable or responsible for any loss, misuse or alteration of Personal Data that may be caused by third parties.
8.1 We will retain your Personal Data only for such time as may be required or permitted in connection with the law or its Purpose of Use.
8.2 In the event that retention of Personal Data is no longer necessary for any business or legal purposes or when the purpose for which the Personal Data was collected is no longer being served by the retention of the Personal Data, we will remove, destroy or anonymise the Personal Data.
9.1. In the event that a User ceases to use the Services and removes his/her Personal Data from Itochu Traceability System, or in the event of reasonable grounds for presupposing that such Personal Data is no longer necessary for legal or business purposes, we will cease to retain the Personal Data of the User.
9.2. Where a User requests the suspension of use or deletion of his/her Personal Data (hereinafter referred to as "Suspension of Use") because such Personal Data has been used beyond the scope of the Purpose of Use or has been obtained through fraudulent means, we will promptly conduct an investigation.
9.3 The User should address their request in writing to our Data Protection Officer (whose details are set out below), and you should include as much detail as you can about the Personal Data affected, and the circumstances that you believe the Personal Data has been used beyond the scope of the Purpose of Use or has been obtained through fraudulent means.
9.4 In the event it is deemed necessary to comply with a User’s Suspension of Use request based on the results of the investigation set forth in the preceding clause, the Company shall promptly suspend its use of such Personal Data.
9.5 We promptly will notify the User of decision to or not to implement any Suspension of Use of his/her Personal Data in accordance with the provisions of the preceding clause.
9.6 In the event that there is a significant cost associated with a Suspension of Use, or in the event that it is difficult to implement a Suspension of Use, if any alternative measures are necessary to protect the rights and interests of Users, the Company shall take such alternative measures and the User shall be duly notified.
10.1. We may use cookies, web beacons, or other similar technology in connection with the use of the Services by the Users.
10.2. If you access Itochu Traceability System through your computer, a mobile device, or other device that can connect to the Internet, our server may automatically record data, such as technical data and usage data, that it sends and receives between your browser and our server.
10.3. This data is collected for analysis and evaluation and will be used to help improve the convenience of the Services.
10.4 Most internet browsers allow you to disable cookies associated with these technologies (or otherwise turn off the processing of cookies) - in most cases, you will still be able to navigate Itochu Traceability System fully, but other functionality may be impaired. Please note that you may delete cookies from your browser after using Itochu Traceability System.
10.5 We assume no responsibility for the data protection practices, content or security of any third parties whose websites we link to on our website. We recommend that you review each third-party website’s data protection and privacy policy before disclosing any data on that website.
11.1 In the event of a data breach of your Personal Data (“Breach”), we will promptly conduct an assessment of whether the Breach is notifiable to the Personal Data Protection Commission (“PDPC”) in accordance with the PDPA. If the Breach is notifiable to the PDPC, we will also notify you of the occurrence of the Breach in accordance with the PDPA. Especially for the Breach relating to the Users in Indonesia, a written notification will also be given to the relevant User immediately, at the latest 14 (fourteen) days since the occurrence of such Breach. In such a case, Users (in Indonesia) hereby agree and consent to receive the notification from us in the form of electronic notification.
12.1 In the event that you wish to transfer any of your Personal Data that is in our possession or control to another organisation, please submit a request in writing to our Data Protection Officer (whose details are set out below) and we will assist as best as we can to transmit such Personal Data to the other organisation in a commonly used machine-readable format.
13.1 The contents of this Policy may be changed without notice to the Users, except for matters otherwise provided by laws or ordinances or in this Policy. Unless otherwise specified by us, the revised Privacy Policy shall become effective upon its publication on Itochu Traceability System. Subject to any rights you may have at law, you agree to be bound by the prevailing terms of this Policy as may be updated by the Company from time to time.
14.1 We have designated a Data Protection Officer to be responsible for ensuring that we comply with the PDPA. Please contact our Data Protection Officer as follows:
Inquiries about the system are as follows
Address: 5-1, Kita-Aoyama 2-chome, Minato-ku, Tokyo 107-8077, Japan
Company Name: ITOCHU Corporation
Departments in charge: Logistics & Material Distribution Department,
General Product & Realty company
E-mail address:
tokrr-tracy@itochu.co.jp
14.2 For inquiries regarding this policy or concerns about our commitment
to your privacy, please contact the Data Protection Officer.
ACCORDINGLY, this Policy is agreed by and bound to you who is using the
Itochu Traceability System and/or registered as the Users of the Itochu
Traceability System.
*****