| Receiving party | Country | Legal system | Measures taken by the receiving party |
|---|---|---|---|
| KOWA OPTIMED DEUTSCHLAND GmbH | Germany | The Personal Information Protection Commission, Japan (“PIPC”) certified the GDPR (General Data Protection Regulation) applied to private business operators in and the governments of the member states of the EEA, which includes Germany, as a system that provides approximately the same level of protection as the Act on the Protection of Personal Information of Japan (“APPI”). | The receiving party will process information pursuant to the GDPR. |
| KOWA AMERICAN CORPORATION | USA | Although there is no comprehensive system for the protection of personal information in the USA, there are systems for privacy protection established by the Federal Trade Commission or other organizations. The USA is one of the participating economies of the APEC Cross-Border Privacy Rules (CBPR) system, under which it is considered that substantially the same level of protection as in Japan can be expected for the protection of your data. | The receiving party will process information pursuant to these systems and the OECD 8 Privacy Principles. |
| KOWA (SHANGHAI) CO.,LTD. | China | In China, there is the Personal Information Protection Law serving as a comprehensive law on the protection of personal information. The said Law complies with the OECD 8 Privacy Principles. However, as the police agencies have extensive investigative authority and outbound transfer of data is restricted in China, depending on the circumstances, the same protection as in Japan may not be expected for your data. | The receiving party will process information pursuant to the Personal Information Protection Law and the OECD 8 Privacy Principles. In response to our confirmation request to the receiving party, it responded that it has not been requested by the police agencies to provide information, and any data similar to your data has not become subject to the restriction of outbound transfer. |
| KOWA INDIA PVT.LTD. | India | There is no comprehensive system for the protection of personal information in India. Although the Digital Personal Data Protection Act was enacted in 2023, it has not yet come into effect. Also, as the police agencies have extensive investigative authority in India, depending on the circumstances, the same protection as in Japan may not be expected for your data. | The receiving party will process information pursuant to the OECD 8 Privacy Principles. In response to our confirmation request to the receiving party, it responded that it has not been requested by the police agencies to provide information. |
| KOWA SKYMECH PTE.LTD. | Singapore | In Singapore, there is the Personal Data Protection Act serving as a comprehensive law on the protection of personal information. Singapore is one of the participating economies of the APEC CBPR system, under which it is considered that substantially the same level of protection as in Japan can be expected for the protection of your data. However, as the police agencies have extensive investigative authority in Singapore, depending on the circumstances, the same protection as in Japan may not be expected for your data. | The receiving party will process information pursuant to the Personal Data Protection Act and the OECD 8 Privacy Principles. In response to our confirmation request to the receiving party, it responded that it has not been requested by the police agencies to provide information. |
- Receiving party
- KOWA OPTIMED DEUTSCHLAND GmbH
- Country
- Germany
- Legal system
- The Personal Information Protection Commission, Japan (“PIPC”) certified the GDPR (General Data Protection Regulation) applied to private business operators in and the governments of the member states of the EEA, which includes Germany, as a system that provides approximately the same level of protection as the Act on the Protection of Personal Information of Japan (“APPI”).
- Measures taken by the receiving party
- The receiving party will process information pursuant to the GDPR.
- Receiving party
- KOWA AMERICAN CORPORATION
- Country
- USA
- Legal system
- Although there is no comprehensive system for the protection of personal information in the USA, there are systems for privacy protection established by the Federal Trade Commission or other organizations. The USA is one of the participating economies of the APEC Cross-Border Privacy Rules (CBPR) system, under which it is considered that substantially the same level of protection as in Japan can be expected for the protection of your data.
- Measures taken by the receiving party
- The receiving party will process information pursuant to these systems and the OECD 8 Privacy Principles.
- Receiving party
- KOWA (SHANGHAI) CO.,LTD.
- Country
- China
- Legal system
- In China, there is the Personal Information Protection Law serving as a comprehensive law on the protection of personal information. The said Law complies with the OECD 8 Privacy Principles. However, as the police agencies have extensive investigative authority and outbound transfer of data is restricted in China, depending on the circumstances, the same protection as in Japan may not be expected for your data.
- Measures taken by the receiving party
- The receiving party will process information pursuant to the Personal Information Protection Law and the OECD 8 Privacy Principles. In response to our confirmation request to the receiving party, it responded that it has not been requested by the police agencies to provide information, and any data similar to your data has not become subject to the restriction of outbound transfer.
- Receiving party
- KOWA INDIA PVT.LTD.
- Country
- India
- Legal system
- There is no comprehensive system for the protection of personal information in India. Although the Digital Personal Data Protection Act was enacted in 2023, it has not yet come into effect. Also, as the police agencies have extensive investigative authority in India, depending on the circumstances, the same protection as in Japan may not be expected for your data.
- Measures taken by the receiving party
- The receiving party will process information pursuant to the OECD 8 Privacy Principles.
In response to our confirmation request to the receiving party, it responded that it has not been requested by the police agencies to provide information.
- Receiving party
- KOWA SKYMECH PTE.LTD.
- Country
- Singapore
- Legal system
- In Singapore, there is the Personal Data Protection Act serving as a comprehensive law on the protection of personal information. Singapore is one of the participating economies of the APEC CBPR system, under which it is considered that substantially the same level of protection as in Japan can be expected for the protection of your data. However, as the police agencies have extensive investigative authority in Singapore, depending on the circumstances, the same protection as in Japan may not be expected for your data.
- Measures taken by the receiving party
- The receiving party will process information pursuant to the Personal Data Protection Act and the OECD 8 Privacy Principles. In response to our confirmation request to the receiving party, it responded that it has not been requested by the police agencies to provide information.
(Note) OECD (Organisation for Economic Co-operation and Development) 8 Privacy Principles mean the eight principles concerning the protection of personal information, which are described in the “Recommendation of the Council concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data” adopted by the OECD in September 1980 (“Collection Limitation Principle,” “Data Quality Principle,” “Purpose Specification Principle,” “Use Limitation Principle,” “Security Safeguards Principle,” “Openness Principle,” “Individual Participation Principle” and “Accountability Principle”).
(Note) The APEC (Asia Pacific Economic Cooperation) CBPR (Cross-Border Privacy Rules) system means the system developed by the APEC Electronic Commerce Steering Group in 2011 to build consumer, business and regulator trust in cross border flows of personal information within the APEC region, and the CBPR certification certifies the relevant business operator’s compliance with the APEC’s privacy principles.