Published: 24 December 2021
This privacy policy is intended to make clear how we, Mitsubishi Heavy Industries Group (MHI GROUP), collect, use and protect the personal data of our current and prospective customers, distributors and other business partners. We, MHI GROUP, take your privacy seriously. When we collect and use your personal data for business purposes, we undertake to comply with applicable data protection laws including the General Data Protection Regulation of the European Union (Regulation (EU) 2016/679, “GDPR”), the UK Data Protection Act 2018 and the GDPR, as it forms part of UK law by virtue of Section 3 of the European Union (Withdrawal) Act 2018 (the “UK GDPR”). Below is our policy on how we collect, use and protect your personal data. It is important that you read this privacy policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing your personal information so that you are fully aware of how and why we are using your data. This privacy policy supplements any other notices and is not intended to override them.
PERSON IN CHARGE (Controller)
This privacy policy is issued by us, Mitsubishi Heavy Industries, Ltd., Mitsubishi Logisnext Co., Ltd., Mitsubishi Shipbuilding Co., Ltd., Mitsubishi Heavy Industries Marine Machinery & Equipment Co. , Ltd., and Mitsubishi Heavy Industries Thermal Systems, Ltd., Mitsubishi Turbocharger and Engine Europe B.V., Primetals Technologies Ltd. (collectively, “MHI GROUP”). When we collect and use your personal data, we are responsible for protecting your rights in relation to your personal data. As such, we are collectively “joint controllers” as the term is defined and used in the GDPR/the UK GDPR.
PURPOSE AND LAWFUL BASIS (Why and on what lawful ground(s) we may use your personal data)
1. To operate, manage and facilitate our business
We collect and use the following categories of your personal data for the respective purposes, and on the respective lawful grounds, described below. We may collect your personal data which you provided us directly or from social networking services such as Linkedin. Business contact details (name, company, position, business email address, business phone number, facsimile number, office address, etc.);
- User account data, records of visits to our websites and activity on our websites and use of other online services;
- Access records to our buildings and facilities;
- Records of business communications in connection with our business operations with you (inquiry logs, email logs, meeting logs, reports, audit interviews, event photos, interviews and face photos for our publicity materials etc.).
We use these categories of personal data for the following purposes on the lawful basis that it is necessary for the purposes of our legitimate interests. Such legitimate interests include delivering products, services and information you ask us for or which you may be interested in, and obtaining information or insights that may help us to serve you better. For further details regarding legitimate interests, please contact us.
- Managing your business contact data;
- Sales and delivery of our products, samples and services;
- Responding to your inquiries or receiving your feedback;
- Analyzing your feedback to obtain insights that may help us to evaluate and improve the quality of our products and services;
- Organizing business and/or technical events, conferences or exhibitions;
- Facilitating any other business communication;
- Keeping records of our business communications and transactions with you;
- Controlling access to our physical facilities and computer/network resources; and
- Establishing, exercising, or defending our legal rights.
2. To promote our marketing activities
We use marketing automation technology that enables us to combine behavioral and firmographic data from multiple sources to build, filter and segment audiences. It helps us precisely target individuals with rich customer profiles based on specific attributes, interests and geography. As part of our utilization of this technology, we create your profile by combining cookies, information we obtain from your IP address (e.g. your approximate location and your company name) information that you have provided to us either online or offline (e.g. business contact details) and information we collect from LinkedIn (e.g. Name, Email address, Phone number, Country/Region, Job title, Company name, Industry). We use your profile to promote our marketing activities. For example, we may contact you to provide you with information that is likely to be of interest to you, such as information on our products, services, events and case studies at appropriate times. When we perform such processing of personal data, we will obtain your prior and specific consent thereto, or process such personal data on the lawful basis that it is necessary for the purposes of our legitimate interests as described above. If you wish to withdraw your consent for our processing of your personal data for the purpose specified hereof, please contact us.
SENSITIVE PERSONAL DATA
Where we collect and use sensitive categories of your personal data, such as those defined in Articles 9 and 10 of the GDPR/the UK GDPR, we will obtain your prior and explicit consent thereto, as may be necessary, unless we are not required to do so in order to perform our statutory obligations or to protect your or any other person’s vital interests in an emergency.
RETENTION (How long we retain your personal data)
We will retain your personal data as long as we have a business relationship with you. Thereafter, we will keep it as required by applicable laws, especially those related to auditing or taxation.
COOKIES
A Cookie is a small text file a website reads or writes on your web browser. We use cookies to improve your experience on our website, to personalize ads and to analyze how you use our site. We share information about your use of our website with our advertising, marketing and analytics partners, who may combine it with other information that you have provided to them or that they have collected from your use of their services. We may also combine cookies, your IP address and other information you have provided to us to build your profile which helps us promote our marketing activities. As required by applicable data protection laws depending on your location, we may request your prior consent to set cookies which are not strictly necessary for the functioning of the website. To see more details or to customize your cookie settings (available where legally required), please click on the COOKIE SETTINGS button below.
DISCLOSURE (Who we share your personal data with)
We disclose certain categories of your personal data in so far as it may be necessary for the purposes above to the following entities:
- Competent public authorities to which we are obliged to disclose your personal data as required by applicable laws;
- Our service providers, including those providing us with cloud computing, customer relation management, marketing automation, advertising, messaging or other application, business travel arrangement, courier, receptionist, conference/event arrangement, hospitality, accommodation, etc.;
- Our group companies; and
- Entities that merge or acquire part or all of our business.
Where such service providers process your personal data on our behalf and under our instruction, typically as “data processors” within the meaning of the GDPR/the UK GDPR, we will enter into an appropriate data processing agreement to make sure that such service providers have in place appropriate data protection measures in compliance with applicable data protection laws.
TRANSFER TO THIRD-COUNTRIES
We may transfer your personal data originally collected by MHI GROUP to entities that are located in countries outside the EEA or the UK for the purposes described above. In cases where such data transfer occurs regularly, we protect your personal data by mutually agreeing with such recipients to be bound by standard contractual clauses that have been approved by the European Commission or the UK government, which impose on such recipients contractual obligations to ensure an adequate level of data protection equivalent to those laid down by the GDPR/the UK GDPR. You may obtain more details on the protection given to your personal data when it is transferred outside the EEA or the UK (including a copy of the standard contractual clauses which we have mutually agreed with such recipients to be bound by in relation to your personal data) by contacting us. Please note that if the recipient destination has been subject to a finding by the European Commission or a specification by the UK government that it offers an adequate level of protection to the rights and freedoms that you possess in respect of your personal data, we may transfer your personal data without mutually agreeing with such data recipients to be bound by the standard contractual clauses.
YOUR LEGAL RIGHTS
Provided that certain conditions are met and depending on where you are located, you have the legal right to request from us the following:
- Access to your personal data and to certain supplementary information covered by this notice;
- Correction of your personal data if inaccurate or incomplete;
- Erasure of your personal data in certain circumstances, including, but not limited to, the following circumstances:
- When we are no longer required to retain your personal data in light of the purpose for which it was collected;
- When we may process personal data only with your consent and you withdraw such consent;
- When you object to our processing of your personal data based on legitimate interests and our legitimate interests do not prevail over your legitimate interests, rights, and freedoms;
- When your personal data has been unlawfully processed by us.
- Suspension of use of your personal data in certain circumstances, including, but not limited to, the following circumstances:
- When you challenge the accuracy of your personal data (only with respect to the period we are required to confirm its accuracy);
- When your personal data has been unlawfully processed by us, but you oppose the erasure of your personal data and instead request for the suspension of its use;
- When we no longer need your personal data, but we need your personal data for the purpose of bringing, exercising or defending legal claims;
- If you object to our processing of your personal data based on legitimate interests (only with respect to the period required to determine whether our legitimate interests prevail over your legitimate interests, rights and freedoms).
- To obtain your personal data in a structured, commonly used, and computer-readable format and/or to require us to transfer such personal data directly to the recipient, to the extent technically feasible, when processing such personal data is based on your consent and no other grounds are applicable. Please note that this right is only permitted in relation to personal data provided by you to us;
- Objecting to the processing of your personal data;
- Withdrawing your consent at any time where our processing of your personal data is based on such consent. Please note that such withdrawal will not affect the legitimacy of the processing of your personal data before such withdrawal; and
- Requesting a human review of a decision made solely from the automatic processing of your personal data that has a significant impact on you.
If you have any inquiries in relation to what rights you are exactly entitled to exercise, or if you wish to exercise any of your rights, please contact us.
COMPLAINTS
You may lodge a complaint with respect to our processing of your personal data with the data protection supervisory authorities.
INQUIRIES
For further information and/or inquiries, please contact:
Mitsubishi Heavy Industries, Ltd.
Business Strategy Office, Corporate Communication Department
Address: 2-3, Marunouchi 3-chome, Chiyoda-ku Tokyo, 100-8332
Phone: +81-3-6275-6277
Contact form
For contacts about personal information to MHI's other locations, refer to this:
MHI Group Network