ASSC Worker’s Voice (AWV) Privacy Policy

Effective Date: July 3, 2020

The Global Alliance for Sustainable Supply Chain (hereinafter, “ASSC”) hereby establishes in the following the policy regarding the processing of Personal Information in ASSC Worker’s Voice (hereinafter, “AWV”), the application software provided by ASSC.
The definitions of terms in the policy are based on the Act on the Protection of Personal Information (hereinafter, “Personal Information Protection Law”) and related laws.

  1. Compliance with Related Laws and Guidelines

    ASSC complies with the Personal Information Protection Law and other related laws and regulations, guidelines set by the Personal Information Protection Commission, EU General Data Protection Regulation (GDPR) and other applicable related laws and this Privacy Policy (hereinafter, “The Policy”), and handle Personal Information in a lawful and appropriate means. The Policy is subject to change based on the applicable laws.

  2. Collecting Personal Information

    ASSC will collect Personal Information its users provided to ASSC in an appropriate and lawful means within the scope of initiatives undertaken by ASSC.
    ASSC may ask the users the following information for AWV usage.

    1. User Provided Information
      • Age or Date of Birth
      • Name
      • Email Address
      • Other Information such as passwords to verify the identity of the person accessing the account
      • Information established by ASSC to be collected by the application or the website
      • Any other information about the user specified by ASSC
    2. Terminal Information

      ASSC may obtain the terminal identifier, mobile device identifier and IP address when the user utilises AWV on the terminal or mobile device. Also, ASSC may obtain any other information you choose to provide, such as the name the user associated with the device, device type, phone number, country and username, or an email address.

    3. Location Information

      ASSC may obtain information about the location of the user, if AWV is utilised on a terminal or a mobile device and the user authorises it to do so.

    4. Information on User Actions

      ASSC may, when utilising ASSC services, collect and store information that the user directly provided to ASSC or information furnished via a third party service provider of AWV. ASSC may also collect information about a user’s AWV usage status and interactions with other users.

    5. Communication Function

      ASSC may record and store information of archived communication, if users utilised AWV in their communication with other users and maintained a certain level of activity in information sharing (including text, user profile, messages, photos, images, audio, video, applications and any other information content).

    6. Collecting Information Using Cookies

      ASSC collects the following specific technical information when the user accesses AWV. ASSC and service providers standing in proxy for ASSC use log files and tracking technology to collect and analyse cookies, IP addresses, device types, mobile device identifiers, browser types, browser languages, reference and exit pages, platform type, number of clicks, domain name, landing page, number of browsed pages and page browsing order, URL of each page, browsing time of specific page, application or website statuses, date and time of activity on ASSC application or website, and any other information. The information will be intended for internal use and ASSC may also associate this information with your user ID number. Additionally, ASSC may also use (i) a web beacon to check whether a specific page has been viewed or whether an email has been opened, (ii) other technologies, including tracking pixels, that excludes existing users from a specific promotional message, identify a new installation source or providing advertisements for users on other websites allowing advertisements to be more effective.

    7. Information Collected with External Services

      ASSC may collect information the user gave the external service the permission to disclose through the user ID used in the external service and the privacy setting entered by the user.

  3. Purpose of Personal Information Usage

    The Personal Information provided to ASSC by the user will be used within the scope of the purpose of use as described below or will be used within the scope of the purpose of use where the purpose is clear as to how the information was collected and ASSC will not use the Personal Information provided by the user for any other purpose unless the user agrees to do so or it is specified in the application’s terms of use, etc. or permitted by law.

    1. Purpose of use of Personal Information for those employed in factories, stores, offices etc.:
      • Survey/research/analysis of the work environment at the employment location
      • Collection of information on the work environment at the employment location
      • Securing safety at the place of employment
      • Providing the result on the information analysis
      • Providing advice on employee behaviours
      • Proper and smooth communication with users
    2. Purpose of use of Personal Information related to organisations the user belongs to (hereinafter, “affiliated organisation”), its trading partners (hereinafter, “business partner”) and other companies in the same industry (hereinafter, “industry peers”),
      • Survey/research/analysis of the work environment at the employment location of the user
      • Collection of information on the work environment at the employment location of the user
      • Securing safety at the employment location of the user
      • Providing the result on the information analysis
      • Providing advice on business partners’ behaviours
      • Notifications/reports to government agencies/member organisations
      • Proper and smooth communication
      • Contributions to magazines/websites
  4. Subcontracted Work

    ASSC may subcontract the processing of Personal Data to partner companies. However, the Personal Data subcontracted will be limited to the minimum information necessary to carry out the work entrusted to them.

  5. Third-party Provision

    ASSC will not provide Personal Data to third parties (excluding subcontractors) unless there is a prior consent of the user or it is permitted by law.

  6. Shared Use

    ASSC will notify the user in advance or create a state where the user can be informed when utilising Personal Data to share with specific individuals.

  7. Data Transfer

    ASSC may transfer Personal Data from overseas to its offices in Japan. Transfer of Personal Data from factories, stores, offices and other locations in countries and territories within the EU and in the UK to its offices in Japan will be based on the adequacy decision accredited to Japan.

    ASSC shall obtain, in advance, when providing Personal Data based on the adequacy decision by the EU or the UK to a third party in a foreign country, a principal’s consent to the effect that he or she approves the provision of Personal Data to a third party in a foreign country, after having been provided information on the situation surrounding the receiving party necessary for the principal to make a decision on his/her consent, excluding the cases falling under one of the following (1) through (3):

    1. when such third party is in a country prescribed by the rules as a foreign country establishing a Personal Information protection system recognised to have equivalent standards to that in Japan in regard to the protection of an individual’s rights and interests
    2. when the Business Operator Handling Personal Information and the third party who received the provision of Personal Data have implemented coordinated measures, in respect to the processing of Personal Data by such third party, by an appropriate and reasonable method (contract, other form of binding agreements or binding arrangements within a corporate group), providing an equivalent level of protection measures as that of the Personal Information Protection Law
    3. in cases falling under each item of Article 23, paragraph (1) of the Personal Information Protection Law
  8. Management of Personal Data

    1. Ensuring Accuracy

      ASSC strives to keep Personal Data accurate and up-to-date within the scope necessary to achieve the purpose of use, and to erase such Personal Data when it is no longer necessary.

    2. Security Management Measures

      ASSC shall take necessary and appropriate measures to prevent leakage, loss or damage of Personal Data and for other safety management purposes.

    3. Employee Supervision

      In order for the employees to be able to handle Personal Data, ASSC shall implement appropriate training and conduct necessary and appropriate supervision together with the familiarisation with the proper processing of Personal Information.

    4. Subcontractor Supervision

      When entrusting the processing of Personal Data, ASSC will select a partner company that deploys appropriate safety management measures for their subcontractors and will conduct necessary and appropriate supervision of their subcontractors.

  9. Basis for the Processing

    ASSC collects and uses Personal Data only when there is a legal basis. The legal bases are as follows:

    1. When the user gives consent to the processing of his or her Personal Data.
    2. When processing is required to provide the AWV service and achieve the purpose of use.
    3. When processing is required for ASSC to comply with its legal obligations.
    4. When processing is required for legitimate interests sought by ASSC or a third party. The “legitimate interest” may be the use of Personal Data to execute the purposes of use in Article 3 and to collect information to contribute to the improvement of the purposes of use. However, this excludes cases where basic rights and freedoms that require protection of Personal Data, especially if the data subject were a child, take precedence over such right.
    5. When processing is required to execute tasks for the public interest or to exercise the public authority given to ASSC.
  10. Reception of Retained Personal Data

    1. A notification will be made without delay, when a request is made from the user or agent to be notified on the purpose of use of Retained Personal Data, except in the following cases:
      1. When the purpose of use of the Retained Personal Data that identifies the user is clear
      2. When there is a risk of harming the life, body, property or other rights and interests of the user or a third party
      3. When there is a risk to ASSC’s rights or legitimate interest
      4. When required by laws or regulations for ASSC to cooperate with national agencies or local public institutions to execute administrative work and there is a risk of hindrance to the execution of such administrative work
    2. A notification will be made without delay, when a request is made from the user or agent for the disclosure of Retained Personal Data, except in the following cases:
      1. When there is a risk of harming the life, body, property or other rights and interests of the user or a third party
      2. When there is a risk of hindrance for ASSC to appropriately execute its operations
      3. When it violates laws and regulations
    3. The user will be contacted without any delay after an investigation and appropriate action based on the result will be taken, if a person or agent requests correction, addition, or deletion of Retained Personal Data.
    4. Appropriate action will be taken when the request is found to have a reason, if the user or agent requests the suspension or deletion of the Retained Personal Data.
    5. Appropriate action will be taken, if there is a request from the user or agent to restrict the processing of Retained Personal Data.
    6. Appropriate action will be taken, if the user or agent requests that the Retained Personal Data be structured, intended for general use, or received in a machine-readable format. Additionally, the user or agent has the right to transfer such data to other administrators without hindrance by ASSC.
    7. Appropriate action will be taken, if the user or agent disputes the processing of the Personal Data based on the need for processing for the purpose of legitimate interests pursued by ASSC or a third party.
    8. The user has the right not to submit to any decision based solely on automated processes, such as profiling, that will have a legal effect or a similar significant effect on such user.
    9. Please direct the request to the ASSC liaison office listed in 13, if such a request described in prior item 8 exists. The Personal Information provided will be used for the purpose of responding to the request from the user and the user data will be stored with the utmost care. Please note that any invoices or attached documents will not be returned.
  11. Anonymously Processed Information

    ASSC may, based on laws and regulations, obtain Anonymously Processed Information that has been processed by an appropriate method so that no individuals can be identified or Personal Information can be restored, utilise it for analysis, analytics, investigation, etc., and to the extent necessary for the business, ASSC may continuously provide this information to a third party upon declaring that such information is Anonymously Processed Information.

    Regarding Personal Information provided by the EU or the UK based on an adequacy decision, the re-identifying of the anonymised individual will be rendered impossible for anyone after ASSC having deleted information relating to the processing methods (namely, descriptions and personal identification codes, and processing methods that have been deleted from the Personal Information used to create the Anonymously Processed Information (limited to those that such Personal Information can be restored using that information)). The items of Personal Information included in the provided Anonymously Processed Information and the method of providing Anonymously Processed Information are as follows:

    1. Anonymously Processed Information to be created
      Information pertaining to sex and age, etc.
      Information pertaining to the description of consultation
    2. Anonymously Processed Information to be provided to a third party
      1. Information items related to an individual included in Anonymously Processed Information provided to a third party
        Information pertaining to sex and age, etc.
        Information pertaining to the description of consultation
      2. Method of providing the Anonymously Processed Information
        Provided by a server with proper access control, individual email, or post/courier service
  12. Retention Period of Personal Data

    ASSC will retain the Personal Data as long as the account is maintained by the user. ASSC may retain certain user data for security and fraud prevention purposes, even after receiving a request to delete the account.

  13. For Inquiries and Complaints

    The Global Alliance for Sustainable Supply Chain
    ASSC WORKERS VOICE Secretariat

    〒211-0006
    Towa City Coop Shinmaruko 202
    1-chōme−653-7, Marukodōri, Nakahara-ku, Kawasaki, Kanagawa

    Phone: 044-982-1967 (main) Operating Hours: 9:00-17:00 (JST)
    (excluding, Sat, Sun, and public and company holidays)

    Email: voice.office@g-assc.org

  14. Privacy Policy Revisions

    ASSC will review the content of this policy from time to time and may make changes as necessary. In such a case the revised privacy policy will apply from the date of its announcement.