GDPR Privacy Policy

I. GDPR Privacy Policy

Sysmex sometimes asks You* to provide Your personal information in various aspects of its business activities.
This Policy aims to set forth specific guidelines for processing personal data subject to the European Union’s General Data Protection Regulation (GDPR), in addition to Sysmex’s general Privacy Policy.
 
* In this policy, the terms “You” and “Your” refer to you and Sysmex’s business partners, visitors to the hospitals which are Sysmex’s customers (e.g., patients), shareholders, job applicants, and its officers and employees (“Officers and Employees”).

1. Types of Personal Information and Purposes of Processing Such Information

Sysmex sometimes processes the following categories of personal information for the purposes specified in “Personal Information of You and Sysmex’s Business Partners,” “Personal Information of Visitors to the Hospitals which are Sysmex’s Customers (e.g., Patients),” “Personal Information of Job Applicants and Internship Applicants,” and “Personal Information of Officers and Employees (Including Ex-Officers and Ex-Employees) and Members of Their Families” in “II. Purposes of Use of Personal Information” of the Privacy Policy. In this GDPR Privacy Policy document, “processing” means “processing” as defined in GDPR Article 4(2), and “personal information” means “personal data” as defined in GDPR Article 4(1).
In this policy, “Business partners” refers to those including customers or potential customers, joint research partners, doctors, suppliers, and vendors.
 
(1) Personal Information of You and Sysmex’s Business Partners
Name, e-mail address, telephone number, address, online identifier, and any other data provided by You and Sysmex’s Business partners to use Sysmex services, etc.
 
(2) Personal Information of Visitors to the Hospitals which are Sysmex’s Customers (e.g., Patients)
In Vitro Diagnostics (IVD) test results, DNA base sequences
 
(3) Personal Information of Job Applicants and Internship Applicants
Name, e-mail address, telephone number, address, academic and professional background, other information about employment or internship
 
(4) Personal Information of Officers and Employees (Including Ex-Officers and Ex-Employees) and Members of Their Families
Name, e-mail address, telephone number, address, employment history, and any other information required for human resources management

2. Methods of Acquiring Personal Information

Sysmex sometimes acquires Your personal information directly from You, Sysmex’s affiliates, or Sysmex’s business partners.

3. Legal Basis for Processing Personal Information

The legal basis for Sysmex to process Your personal information is as follows.
 
Personal Information of You and Sysmex’s Business Partners
  • You have given consent to the processing of personal information by Sysmex (GDPR point (a) of Article 6(1))
  • Processing is necessary for Sysmex to perform contracts with You or take steps to enter into such contracts (GDPR point (b) of Article 6(1))
  • Processing is necessary for compliance with a legal obligation to which Sysmex is subject (GDPR point (c) of Article 6(1))
  • Processing is necessary for the purposes of the legitimate interests pursued by Sysmex (GDPR point (f) of Article 6(1))
The legitimate interests include business interests, including our products and services.
 
Personal Information of Visitors to the Hospitals which are Sysmex’s Customers (e.g., Patients)
  • Patients, etc. have given explicit consent to the processing of personal information by Sysmex (GDPR point (a) of Article 6(1) and point (a) of Article 9(2))
  • Processing is necessary for compliance with a legal obligation to which Sysmex is subject (GDPR point (c), (e), and (f) of Article 6(1), as well as (i) and (j) of Article 9(2))
  • Processing is necessary for scientific research by Sysmex (GDPR point (f) of Article 6(1) and point (j) of Article 9(2))

Personal Information of Job Applicants and Internship Applicants
  • Applicants have given consent to the processing of personal information by Sysmex (GDPR point (a) of Article 6(1))
  • Processing is necessary for Sysmex to perform contracts with applicants or take steps to enter into such contracts (GDPR point (b) of Article 6(1))
  • Processing is necessary for compliance with a legal obligation to which Sysmex is subject (GDPR point (c) of Article 6(1), as well as (b) and (h) of Article 9(2))
  • Processing is necessary for the legitimate interests pursued by Sysmex (GDPR point (f) of Article 6(1))
The legitimate interests include business interests, including evaluation of job applicants and internship applicants.
 
Personal Information of Officers and Employees (Including Ex-Officers and Ex-Employees) and Members of Their Families
  • Officers and Employees have given consent to the processing of personal information by Sysmex in limited cases (GDPR point (a) of Article 6(1))
  • Processing is necessary for Sysmex to perform contracts with Officers and Employees or take steps to enter into such contracts (GDPR point (b) of Article 6(1))
  • Processing is necessary for compliance with a legal obligation to which Sysmex is subject (GDPR point (c) of Article 6(1), as well as (b) and (h) of Article 9(2))
  • Processing is necessary for the legitimate interests pursued by Sysmex (GDPR point (f) of Article 6(1))
The legitimate interests include business interests, including evaluation of officers.
 
If the legal basis for Sysmex to process personal information is consent, You may withdraw consent at any time. If You wish to withdraw consent, please contact us through Contact Point below. Sysmex processes personal information for legitimate interests only if Your fundamental rights and interests do not override the said legitimate interests.

4. Recipients of Personal Information

Affiliates
Sysmex shares Your personal information for common use among Sysmex and its group companies (including group companies based in foreign countries) in accordance with its Internal Rules within the scope necessary to achieve the purposes for which the information is used.
Sysmex will make its best efforts to ensure that an appropriate level of personal information protection is maintained in handling personal information within group companies and to ensure that each group company handles personal information at the same level of protection.
 
Business Partners
Sysmex sometimes provides Your personal information to Business partners within the scope necessary to achieve the purposes for which the information is used.
 
Contractors
Sysmex sometimes provides Your personal information to contractors such as IT vendors and recruiting agencies within the scope necessary for conducting the services outsourced in various aspects of its business activities.
Sysmex requires the said contractors to appropriately process personal information based on GDPR and supervises these contractors.
 
The aforementioned provision includes transferring Your personal information from the EU to third countries outside the EU. In such cases, Sysmex will enter into an agreement containing the standard data protection clauses approved by the European Commission with the contractor and make its best efforts to ensure that the contractor processes the personal information in compliance with the clauses and maintains an appropriate level of personal information protection. When your personal information is transferred to third countries outside the EU, you may request Sysmex to provide a copy of the document that describes how Sysmex protects such information. If you wish to do so, please contact us through Contact Point below.

5. Storage Period of Personal Information

Personal information is archived for the period necessary to achieve the purpose for which the information is collected.

6. Your Rights

You may exercise the following rights regarding Your personal information processed by Sysmex within the scope defined by GDPR. 
 
(1) Confirmation of whether Your personal information is processed
(2) Access to Your personal information
(3) Rectification or erasure of Your personal information
(4) Restriction on processing Your personal information
(5) Objection to the processing of Your personal information
(6) Rights to request data portability of Your personal information
 
If You wish to exercise any of the aforementioned rights, please contact us through Contact Point below.
If You are not satisfied with Sysmex’s response to Your request, You may lodge a complaint with the supervisory authority in the EU/EEA country wherein You reside or work or the EU/EEA country wherein the alleged infringement has occurred.

II. Contact Point

Please direct any questions, etc. regarding the handling of personal information by Sysmex to the following contact point: 
 
Department in charge: General Affairs Department, Sysmex Corporation
Address: 1-5-1, Wakinohama-kaigandori, Chuo-ku, Kobe, Hyogo, 651-0073, Japan
 

Contact

(Include “Regarding personal information” in the subject line)
 
Sysmex may require confirmation of Your contact information and other details before responding to Your request. Sysmex will make best efforts to respond within a reasonable period. 

III. Amendment of Privacy Policy

This Policy was established on August 1, 2021. Sysmex will review this Policy as appropriate to improve the protection of personal information. If such review requires amendments to this Policy, Sysmex will publish an amended version of this Policy on this website.