Global Group Privacy Policy

The RIKEN VITAMIN Group (the "Group") adopts this Global Group Privacy Policy (this "Policy") to ensure the proper handling of the personal data of its stakeholders—including customers, business partners, shareholders and employees—and to protect their rights and interests. This Policy sets out the fundamental, group-wide principles of personal data protection that apply to all companies in the Group (the "Group Companies"). Where laws or regulations in a particular country or region require individual Group Companies to issue separate policies or notices, those documents apply together with this Policy.

1. Compliance with Laws and Respect for International Standards

The Group Companies comply with applicable personal data protection laws and regulations in each country and region in which they operate and handle personal data appropriately in line with internationally recognized data protection principles.

2. Collection of Personal Data

When collecting personal data, the Group Companies will, to the extent possible, specify the purposes of processing and, where required, provide notice to or obtain consent from the data subject. The Group Companies collect personal data only to the extent necessary for the stated purposes and by lawful and fair means.

3. Use of Personal Data

The Group Companies process personal data appropriately and only within the scope of the specified purposes of processing. The Group Companies will not process personal data for other purposes except where permitted by applicable laws and regulations.

4. Accuracy of Personal Data

The Group Companies endeavor to keep the personal data they hold accurate and up to date within the scope necessary in light of the purposes of processing.

5. Security Measures for Personal Data

The Group Companies implement appropriate technical and organizational measures and manage personal data securely to prevent personal data breaches, such as unauthorized access, unauthorized disclosure, loss, destruction or alteration.

6. Provision to Third Parties and Management of Processors

Where the Group Companies entrust the processing of personal data to external service providers (processors) or provide personal data to third parties, they take appropriate measures, such as entering into appropriate contracts and exercising necessary supervision, to ensure the security of personal data. Except where permitted by applicable laws and regulations, the Group Companies will not provide personal data to third parties without the data subject’s consent.

7. Respect for Data Subject Rights

Where a data subject makes a request concerning their personal data, such as access, rectification, erasure, or restriction of processing, the Group Companies will respond in good faith and appropriately in accordance with the laws and regulations of each applicable country or region.

8. Inquiries and Complaints

The Group Companies will respond promptly and in good faith to inquiries and complaints from data subjects relating to their personal data.

9. Continuous Improvement of the Personal Data Protection Framework

The Group Companies will continuously maintain and improve their personal data protection framework by establishing and reviewing internal rules, providing training to personnel, and auditing handling practices.