Daiichi Sankyo Company, Limited (the “Company”) shall properly handle any personal information retained by the Company pursuant to the “Act on the Protection of Personal Information,” the “Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures” (the “Number Act”), and other relevant laws and regulations, as follows.

1. Acquisition of Personal Information

The Company shall acquire personal information by proper and fair means. When acquiring personal information, the Company shall notify or publicly announce the purpose for which such information will be used in advance. When acquiring special care-required personal information, the Company shall obtain the principal’s prior consent, except as permitted by laws and regulations.

2. Use of Personal Information

The Company shall handle personal information within the scope necessary to attain the purpose notified or publicly announced by the Company in advance.

 

3. Provision of Personal Information

In principle, the Company shall not provide special care-required personal information and personal data to a third party except where the principal’s consent is obtained, or where it is permitted by laws and regulations (the Company shall not provide specific personal information, etc. to a third party except where it is permitted by laws and regulations). However, if the Company entrusts the handling of special care-required personal information, personal data, or specific personal information, etc. to a third party within the scope necessary to attain the purpose of use, it shall supervise the trustee to a necessary and appropriate extent.

4. UManagement of Personal Data, Etc.

The Company shall make efforts to keep the content of personal data and specific personal information, etc. accurate and up to date, and take organizational, personal, physical, and technical safety control measures to prevent the leakage, loss, or damage of personal information and for security control, such as establishing rules for the processing of personal information, regular self-inspection of the processing of personal information, regular training of employees in the processing of personal information, prevention of theft or loss of equipment processing personal information, restricting the means by which personal information can be removed from Company premises, appropriately destroying devices on which personal information is recorded, implementing access controls, preventing unauthorized access from outside the Company, and protection from malware. Furthermore, when handling personal information in a foreign country, the Company shall take the appropriate security control measures by understanding the system of protecting personal information in such foreign country.

5. Disclosure, Correction, and Cease of Use of Retained Personal Data, Etc.

Upon a principal’s request to disclose, correct or cease to use his/her retained personal data, the Company shall respond to the request to a reasonable extent without delay. In addition, if the Company receives any complaint from a principal regarding the handling of personal information, the Company shall investigate the fact and make efforts to address it in good faith.

6. Deletion of Specific Personal Information, Etc

The Company shall destroy or delete specific personal information, etc. where the Company has attained the purpose for which the specific personal information, etc. was acquired as soon as possible.

7. Revision of this document

Any changes to this document will be promptly announced on the Company’s website.

◆ The terms “personal information,” “special care-required personal information,” “personal data,” “retained personal data,” and “anonymously processed information” used herein shall have the meanings as defined in Article 2 of the Act on the Protection of Personal Information. In addition, the term “specific personal information, etc.” shall refer to an “individual number” and “specific personal information” set forth in Article 2 of the Number Act.

Daiichi Sankyo Privacy Notice