TOYOTA CENTRAL R&D LABS., INC. (hereinafter referred to as the “Company”) complies with the Act on the Protection of Personal Information and other related laws and regulations, and hereby establishes the following basic policy on the protection of personal information under the recognition that it is an important social responsibility as a corporate entity to appropriately handle personal information and personal data (hereinafter collectively referred to as the “Personal Information”) entrusted to the Company by its customers, business partners, and other individuals (hereinafter collectively referred to as the “Customers”) and held by the Company. 

1. Establishment of the Company’s Personal Information Protection System

The Company ensures that its officers and employees, etc. are made aware of the importance of protecting Personal Information, and establishes a management system pertaining to the protection of Personal Information. 
In addition, the Company clearly sets forth its management rules for the acquisition, use, storage, deletion, and provision, etc. of Personal Information, and ensures the proper management of the Personal Information.

2. Acquisition of Personal Information

The Company will acquire the Personal Information from the individual concerned, third parties, or from publicly available sources, within the scope necessary to achieve the Purpose of Use (as defined in Article 3, Paragraph 2)), after publicly announcing or notifying the Purpose of Use, or upon the consent of the individual concerned, in writing or by other appropriate means.

3. Handling of Personal Information

  1. Scope of Purpose of Use
    The Company shall not use the Personal Information acquired beyond the scope of the Purpose of Use without the consent of the individual concerned.
     
  2. Definition of Purpose of Use
    Personal Information acquired by the Company is used for the following purposes (hereinafter collectively referred to as the “Purpose of Use”) in connection with implementing various research; testing; surveys; entrusted research, commissioned research, joint research, in connection with third parties; and other accompanying activities related to the development and utilization of comprehensive technologies by the Company:
     
    1. Personal Information acquired from the customers:
      1. For distributing, sending, or communicating regarding, reports, materials, guidance, meetings, and event invitations, as well as for having meetings with or visits by the customers; or
      2. For conducting, aggregating results of, and utilizing surveys with the customers, and for responding to related inquiries.
         
    2. Personal Information acquired from business partners and other individuals:
      1. For research activities utilizing Personal Information in human research, social systems research, or data analytics research, etc.;
      2. For the negotiation, execution, and performance of construction agreements, service outsourcing agreements, joint research agreements, and any other agreements;
      3. For payments, bank account withdrawals, billing, and issuance of receipts, etc.;
      4. For responding to, applying to, and consulting with government agencies and other public institutions;
      5. For procedures related to land and building registration and various types of insurance, etc.;
      6. For responding to accidents and disasters, implementing preventive measures, and ensuring safety management thereof;
      7. For responding to audits and investigations, etc. conducted by parent companies, affiliates, or auditing institutions;
      8. For taking necessary measures to resolve disputes, etc.; or
      9. In addition to the above, for conducting various business operations and sales activities necessary for transactions.
         
    3. Personal Information acquired directly from applicants for the Company’s recruitment activities:
      1. For business operations such as communications related to recruitment activities.
         
  3. Measures for Security Control Management of Personal Information

    The Company takes appropriate organizational, physical, technical, and human security control measures to prevent unauthorized access to, loss, destruction, falsification, or leakage of Personal Information and to otherwise ensure its security control management. 

    As organizational measures for security control management of Personal Information, the Company appoints a person responsible for handling Personal Information, establishes internal management rules, thereby clarifying the scope of Personal Information to be handled by officers and employees, etc., and establishes a reporting and communication system for communication with the responsible person in cases where any violation of laws or internal rules is identified.

    As physical measures for security control management of Personal Information, the Company will implement entry/exit controls for areas in which Personal Information is handled, and manage and restrict the use of information and communication management devices, documents, and other materials containing Personal Information to prevent theft or loss thereof.

    As technical measures for security control management of Personal Information, the Company will ensure that only those officers and employees, etc. who require such Personal Information in the course of business may handle or access it, by segregating Personal Information from other data and implementing access restrictions, etc. on information systems.

    As human measures for security control management of Personal Information, the Company will implement education and awareness activities for officers and employees, etc. to ensure the protection of Personal Information.

    With respect to understanding the external environment, when storing personal data in a foreign country, the Company will ascertain the legal framework concerning the protection of Personal Information in such country and implement measures for security control management of the Personal Information accordingly.
     

  4. Provision to Third Parties
    The Company shall not provide the Personal Information acquired to any third party without the prior consent of the individual concerned, unless required by law.
     
  5. Management of Contractors
    The Company may provide the Personal Information to business contractors within the scope necessary to achieve the Purpose of Use. In such cases, the Company obligates such contractors, by contract or other means, to properly handle the Personal Information provided by the Company and supervises them appropriately.
     
  6. Disclosure to Individuals ConcernedWhen requested by the individual concerned, the Company will respond faithfully in accordance with applicable laws and regulations regarding the (i) notification or disclosure of the Purpose of Use of the Personal Information; (ii) disclosure, correction, addition, deletion, suspension of use, or erasure of Personal Information; and (iii) disclosure of records of provision of Personal Information to third parties, or suspension of such provision to third parties. 

4. Handling of Information Related to Personal Information

  1.  Acquisition of Cookies
    The Company may collect certain information through cookies using tools such as Google Analytics for the purpose of analyzing website usage and optimizing content, etc. However, such cookies will not be provided to third parties as Personal Information without the consent of the individual concerned.
     
  2.  Receipt of Information Related to Personal Information
    When receiving information related to Personal Information, such as cookies, etc. from third parties and acquiring it as personal data, the Company shall confirm, record, and store the matters required by laws and regulations, and manage such data appropriately.

5. Measures in the Event of an Incident

In the event of an incident such as the leakage of Personal Information, the Company shall investigate the facts and causes, implement measures to prevent secondary damage and recurrence, and respond appropriately.

6. Continuous Improvement

The Company continuously engages in reviews and implements improvements in order to ensure that the Personal Information is handled properly.

TOYOTA CENTRAL R&D LABS., INC.
President and Chief Research Officer: Takashi Shimazu

The Japanese version of this Privacy Policy shall be the original and official version. The English translation is provided for reference purposes only. In the event of any discrepancy, the Japanese version shall prevail.