PRIVACY POLICY

SUSMED, Inc. (hereinafter referred to as “the Company”, “we” or “our”) are fully aware of our social responsibility to protect all personal information which we handle in our business. We shall make every effort to protect rights of individuals and comply with laws and regulations relating to protection of personal information. In addition, we hereby declare that we shall establish a personal information protection system to embody the following policy and make company-wide efforts for its continuous improvement based on the latest IT technology trends, changes in social demands and business environment.

  1. Collection of personal information
    The Company collect the minimum amount of personal information in lawful and appropriate manners, to the extent that it is necessary to conduct our business.
  2. Compliance with relevant laws, regulations, guidelines, etc.
    The Company shall comply with the “Act on the Protection of Personal Information” (Act No. 57 of 2003), and other laws, regulations, and guidelines issued by the Personal Information Protection Commission, and other guidelines and standards established by the government. The Company shall handle personal information appropriately.
  3. Acquisition and use of personal information

    When acquiring personal information, the Company shall disclose to the public or notify the utilization purpose (including disclosure of “4. Utilization purpose of personal information” in this policy). In addition, when acquiring personal information stated in a written contract or other documents (including electromagnetic records) directly from the person, the Company shall explicitly specify the utilization purpose in advance and acquire the personal information in a lawful and fair manners.

    The Company shall use personal information appropriately within the scope necessary to achieve the utilization purpose.

  4. Utilization purpose of personal information
    1. Personal information of users of our systems (digital therapeutics, clinical trial systems, etc.)
      • To set up, operate, manage, maintain, and improve the systems necessary for provision
      • Collection and provision of information on appropriate use, quality, safety, etc. of the systems, and response to users’ concerns
      • Research and analysis of the actual usage of our systems and user needs of them
      • Other situations where appropriate and smooth communication is needed between the Company and users of our systems
    2. Personal information concerning medical institutions, pharmacies, etc. and their employees and research institutions and researchers and other related persons
      • Medical and pharmaceutical surveys, studies, and development
      • Provision and collection of medical and academic information
      • Provision of information regarding our systems
      • Request and conduct of a clinical trial, etc.
      • Notification and reporting to government agencies
      • Collection and management of information related to payment processing
      • Other appropriate and smooth cooperation with medical workers and researchers
    3. Personal information of participants in clinical trials and other clinical research
      • Testing, research, or post-marketing surveillance
      • Response to concerns from participants
    4. Personal information of employees of our business partners
      • Communication with business partners, contractors, etc.
      • Communication of our systems’ information and sales policies, etc.
      • Understanding of credit management and credit control information
      • Notification and reporting to government agencies
      • Other appropriate and smooth communication with business partners
    5. Personal information concerning shareholders (or their officers and employees if a shareholder is a company)
      • Exercise of shareholder's rights and performance of obligations under the Companies Act
      • Management of shareholders, including preparation of shareholder register in accordance with the Companies Act and various laws and regulations
      • Sending handouts
      • Other appropriate and smooth communication with our shareholders
    6. Personal information of applicants for employment
      • Contacting and provision of information to applicants on employment and recruiting activities, and other uses necessary for recruiting activities
      • Processing employment procedure
    7. Personal information concerning those that contact the Company through our inquiry desk
      • Understanding the details of the concern or contact, consideration of the matter, research, and response to the contact
      • Other appropriate and smooth communication with those contacting the Company through the inquiry desk
    8. Personal information concerning directors, employees (including retired employees) and their families
      • Communication, training and education, and health management
      • Payment of remuneration (wages, bonuses, allowance, etc.), performance of personnel and human resource management, provision of employee benefits, and ensuring appropriate implementation of safety and health management measures and related purposes
      • Contacting retired employees and response to inquiries
  5. Provision to a third parties
    The Company shall not provide a third party with personal data without prior consent of the individual, except in the following cases
    • cases required by laws and regulations
    • cases in which it is difficult to obtain consent of the individual although there is a need to protect life, body, or property
    • cases in which it is difficult to obtain individual consent although there is a special need to enhance public hygiene or promote sound upbringing of children
    • cases in which it is necessary to cooperate with a central government organization or a local government, or a person entrusted by them of performing affairs prescribed by laws and regulations, and there is a possibility that obtaining individual consent would interfere with the performance of the said affairs
    • Other cases permitted by laws and regulations
  6. Security control actions

    The Company shall take reasonable security control actions to prevent leakage, loss, or damage of personal data in the hands of us. The Company shall also exercise necessary and appropriate supervision over employees and trustees (including subcontractors, etc.) who handle personal data.

    The outline of security control actions to be taken by the Company are as follows.

    1. Establishment of basic policy
      • To ensure proper handling of personal data, the Company has established this privacy policy stipulating compliance with relevant laws, regulations, and guidelines, and a contact for inquiries from users, and has published it on our website.
    2. Development of discipline for handling of personal data
      • The Company has established internal rules for proper acquisition, use, storage, provision, deletion and disposal of personal data, responsible persons in charge of handling such information, etc.
    3. Organizational security control actions
      • In addition to appointing a person(s) responsible for handling of personal data, the Company clarifies the employees who handle personal data and the scope of personal data handled by such employees. The Company also conducts audits on status of personal data handling, and has established a reporting system in an event of accidents, etc.
    4. Human security control actions
      • The Company provides periodic educational training to its employees regarding security control of personal data.
    5. Physical security control actions
      • In areas where personal data is handled, the Company controls employee access, prevents unauthorized access to, theft or loss of personal data. Personal data that has fulfilled its intended utilization purpose is deleted or disposed of in accordance with the internal rules.
    6. Technical security control actions
      • The Company controls access to personal data, and limits the number of employees in charge and the scope of personal data handled with information system. In addition, the Company prepares a mechanism to protect information systems handling personal data from unauthorized external access or malware.
  7. Requests for disclosure of retained personal data

    When an individual or his/her agent(s) requests for notification of the utilization purpose, disclosure(including disclosure of records of provision to a third party of retained personal data), correction, addition, deletion, utilization cease(including cease to provide a third party with retained personal data) or erasing personal data (hereinafter collectively referred to as “Request for Disclosures”), the Company shall honestly respond to it after confirming the identity of the individual or his/her agent(s) through the designated procedures.

    1. Request form
      • To make a Request for Disclosures, please contact our office shown in the “9 Contact for inquiries”. The Company shall send you an application form (hereinafter referred to as “Application Form”). Fill out the Application Form and submit it to the designated address together with the documents listed in (2) below if the request is made by an individual, or the documents listed in (3) below if the request is made by a his/her agent(s).
    2. Documents for identification of the applicant
      • Please submit any two copies of the following documents for identification. One of the documents must clearly show your current address.
      • Individual Number Cards
      • Driver's license
      • Passport
      • Health insurance card
      • Certificate of residence
    3. Documents for identification of the agent(s)
      • In addition to the above, please submit any of two documents copies among ① and one appropriate document among ② for identification
      • ①Identity verification documents of the agents
      • Individual Number Cards
      • Driver's license
      • Passport
      • Health insurance card
      • Certificate of residence
      • ②Documents proving authority of representation
      • Agents: Letter of attorney and a certificate of seal registration
      • Agents of minors: Document showing the relationship, such as a certificate of residence, or a certificate of all records (certificate of family register).
      • A minor's guardian or an adult guardian: Certificate of registered matters related to guardianship registration
    4. Fees
      • A fee of 1,000 yen will be charged for processing every Request for Disclosure . Even when required information cannot be disclosed, the prescribed fee will also be charged.
    5. Response to your request
      • The Company shall respond to your request as soon as possible within a reasonable period after verifying the required documents. Please note that we may reject your request in the following cases.
      • cases in which there is a possibility of harming principal or third party’s life, body, fortune or other rights and interests
      • cases in which it is possible to seriously interfere our business
      • cases of violating other laws or regulations
      • cases in which we cannot confirm that the request is from the person himself/herself or his/her agents.
      • Personal information obtained in connection with a Request for Disclosure shall be used only to respond to the request and shall not be used for any other purpose. All identity documents of the applicant shall be destroyed after the retention period has elapsed.
  8. Handling of Cookies

    Our website uses cookies and other similar technologies (hereinafter collectively referred to as "cookies") for tracking or analysis so that we understand site usage and make the use of our website more beneficial.

    (1) About Cookies

    Cookies are small text files containing arbitrary characters that, when users visit a website, are exchanged between web server and user's internet browsing software (browser) and stored on user's devices. By this technology, site user's browsing history and other non-personally identifiable attribute information may be obtained.

    Site users can set their browsers in advance to indicate the site using cookies, to deactivate cookies, or to delete cookies that have been saved. However, please note that if you reject the use of cookies or delete cookies, there is a possibility that the functions available on the website may be limited.

    (2) About Google Analytics

    We use Google Analytics, which is provided by Google Inc., so that we understand site usage. Google Analytics uses cookies to collect data. You can disable Google Analytics by changing your browser's add-on settings with the Google Analytics opt-out browser add-on.

    For more information on how data is collected and processed by Google Analytics, please see below.

    How Google uses information from sites or apps that use our services

    Google Analytics Terms of Use

    Google Privacy Policy

  9. Contact for inquiries

    MFPR Nihonbashi Honcho Bldg 10F, 3-7-2 Nihonbashi Honcho, Chuo-ku, Tokyo 103-0023, JAPAN

    Administration Department, SUSMED, Inc.

    e-mail:administration@susmed.co.jp

To improve our personal information protection system, this privacy policy shall be timely and appropriately reviewed based on the changes in business environment and shall continuously strive to improve the policy.

Any changes to the privacy policy shall be immediately announced to the public by posting on this website.

This privacy policy shall be made known to all employees, and shall be made available to anyone at any time by posting it on this website, pamphlets, etc.