Daifuku Group Information Protection Policy
The protection of personal information (hereinafter referred to as “information security”) is a social responsibility that Daifuku Co., Ltd. and its group companies (referred to below as “Daifuku”) detail in the Basic Policy on Information Security with the aim of ensuring the maximum security.
Basic Policy on Information Security
Daifuku respects the privacy of its website visitors and implements the following policy to protect personal information.
- Daifuku will inform you of the purpose of use, as well as whom to contact with any related inquiries. You will only be asked to provide your personal information within the scope appropriate to the purpose. Daifuku will make use of personal information only within the scope appropriate to the purpose of use to which you have agreed. Daifuku will not supply or disclose your personal information to third parties except in cases where you have agreed beforehand.
- Daifuku will observe laws, regulations, norms and contracts relating to the personal information, secure the safe storage of personal information data, and implement suitable protective and corrective actions against illegal access to, missing, destruction, falsification and leakage of such.
- If you wish to review, correct, update or delete your personal information, please contact us. Daifuku will make the efforts to appropriately respond to your request.
- Daifuku will make the effort to improve the appropriate protection control system for personal information to meet your needs. Daifuku will observe its compliance program relating to personal information protection and improve it continuously.
1. Purpose of personal information collection
Daifuku will collect personal information, for the purpose of improving customer satisfaction by providing a better user experience, including customising products, information and services. We may ask for information such as name, e-mail address, company name, company address, company phone number, etc. for:
- Application for seminars, events, and campaigns
- Answer to online questionnaire
- Request for brochures or online information
- Identification on request and inquiry
- Other information for better communication between you and Daifuku
For purposes not listed above, Daifuku will clearly inform you of the purpose.
2. Use and supply of personal information
Daifuku will use your personal information and supply the information back to you within the scope of the following:
- Daifuku, in principle, will not collect personal information from you without showing the service contents and objectives, or without permission.
- Daifuku may communicate with you through the media such as e-mail, mail, fax, or phone, using your personal information. You can contact us anytime to reject the following services:
- Providing new product release information, technical information, and any other services
- Sending our brochures, magazines and other documents
- Providing invitations to an exhibition, seminar, campaign, online questionnaire and other events
- Showing necessary information on the product you purchased or the services you signed up for
- Daifuku will make the efforts to appropriately respond to your request to review, confirm, correct or delete your personal information, aiming to update it. Please contact us.
3. Disclosure to third parties
Daifuku will never disclose the customer’s personal information except the following cases of:
- Obtaining the customer’s consent
- Disclosing to the third parties (which sign confidentiality agreements with Daifuku) to the necessary extent, to provide our services and information to the customer
- Sharing appropriate information with our affiliate companies and agents responding or following up the customer
- Receiving request to disclose according to laws and regulations
4. Fair management of personal information
To protect your personal information, Daifuku follows the guidelines below:
- Daifuku implements strict security measures to prevent missing, misuse or alternation of personal information under its management.
- Daifuku stores the registered personal information in safe circumstances protected by firewall where un-authorized people cannot access.
Information Security Policy
This overarching policy provides top-level policies for information security in order to ensure that Daifuku and its affiliate companies (the Daifuku Group) protect their information assets.
The Information Security Regulations provides details for the following information security controls.
- Information Security Management Organization
In order to carry out information security, an organisation should be implemented to promote the information security management. The organisation should also provide and develop the information security promotion plan for the Daifuku Group.
- Information Asset Management
All information assets that should be protected will be managed appropriately and classified according to priority and the information’s storage medium.
- Information System Management
In order to ensure that the information system maintains accuracy and security, the process for information system management should include the following:
(1) Network management
(2) System management
(3) Data management
(4) Vulnerability management
(5) Change management
(6) Log management
- Physical Environment Management
In order to prevent the information assets and the information system from loss, obstruction, or unauthorized physical access, all fields of information assets of the Daifuku Group should be controlled securely by providing necessary security controls such as physical protection, safeguards against criminals and fire, and access control.
- Human Resource Management
During the course of employment, the Daifuku Group is committed to providing information security instructions, agreements, information system guidance, training and enlightenments for executives, employees, temporary workers and all people who have access to the Company’s information assets to ensure that they understand and fulfil their specific information security responsibilities.
- Outsourcing Management
In the case of outsourcing related to information asset handling, a Non-Disclosure Agreement, which defines and controls the outsourcer’s responsibility, should be provided to ensure information asset protection.
- Compliance Management
In order to avoid any breach of information security regulations, contractual obligations, or security requirements, this policy and the Information Security Regulations should follow each country’s laws. The local information asset operation and local information security policy based on each country’s or regional rules should also follow these laws.
- Incident Management
Incident management should be carried out consistently and effectively, including all security incident reports, such as information leaks by virus infections, in order to ensure that the Daifuku Group is committed to build incident management plan and structure.
- BCP (Business Continuity Plan) Management
Regardless of any risk of threat, the Daifuku Group should cope with the suspension of business activities caused by the information system’s critical failure. In order to ensure important business processes are secured and continued without delay, the Daifuku Group is committed to building and maintaining the BCP, BCP training, and a BCP report framework.
- Assessment and Audit
In order to maintain and improve information security management, the assessment of effectiveness or activities for promoting information security measures should be implemented. An assessment or audit should be repeated periodically.
Enactment date: April 1, 2005
Revision date: April 1, 2016