Your privacy and trust are important to us and this Privacy Statement (“Statement”) provides important information about how Topcon (“Topcon”, “we” or “us”) handle personal information. This Statement describes which personal data we collect through our website, application, product, software, or service that links to such website, application, product and or software as well as through our sales and marketing activities (collectively, our “Services”) and the purpose why we process your personal information.
Subject of data protection is personal data (hereinafter “personal data” or “personal information”). Pursuant to Art 4 No. 1 GDPR, this is all information relating to an identified or identifiable natural person; this includes, for example, names or identification numbers.
Please read this Statement carefully and contact our Data Protection Officer if you have any questions about our privacy practices or your personal information choices.
You can contact our Data Protection Officer as follows: firstname.lastname@example.org
It is important that you check back often for updates to this Statement. If we make changes we consider to be important, we will let you know by placing a notice on the relevant Services and/or contact you using other methods such as email. A current version of this Statement is always accessible on our website.
This Statement was last updated on May 25, 2018.
- What Information about You is Collected by Topcon?
Topcon may request and/or collect certain personal information from you whenever you interact with us, when you enter personal information on our website or provide us with personal information in any other way including your name, address, email address, telephone number, etc., as well as information related to customer satisfaction surveys, customer purchasing habits, warranty information and/or other purchasing information or other information volunteered by you. Topcon may also collect other technical information such as your IP address, MAC address, internet service provider, computer operating platform, web browser, and other similar information. We also collect personal data such as name, surname, e-mail and phone number of the relevant contact person of your company. If you work as an individual we will also collect payment information such as bank information and VAT number. You are under no obligation to provide any personal information to Topcon. However, the information Topcon learns from customers helps us personalize and improve the experience at Topcon’s websites. If you don’t provide such information, some features of Topcon’s websites may not be available to you.
We also collect personal information from third parties such as our partners, service providers, and publicly available websites, to offer Services we think may be of interest and to help us maintain data accuracy and provide and enhance the Services.
- Name and Contact Details of Data Controller Handling Personal Information
– Topcon Healthcare Solutions EMEA Oy (Saaristonkatu 23, 90100 Oulu, Finland) – topconhealth.eu
– Topcon Healthcare Solutions, Inc. (111 Bauer Drive, Oakland, New Jersey 07436 USA) – topconhealth.com
- How Does Topcon Handle Your Personal Data?
- Topcon collects, obtains, uses and provides personal information in an appropriate manner.
- Topcon makes best efforts to ensure personal data to be precise and up-to-date.
- Topcon takes necessary and appropriate measures to manage personal data including protecting personal data against unauthorized access, loss, leak and damage.
- Topcon complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorized access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data. In determining data retention periods, Topcon takes into consideration local laws, contractual obligations, and the expectations and requirements of our customers
- Topcon complies with laws, regulations and the guidelines for them as well as internal rules on personal information.
- When contracting the handling of personal data to a third party, Topcon only entrusts to a contractor who meets the requirements based on Topcon’s internal rules. Topcon manages such contractors in an appropriate manner.
- Topcon remains up to date towards any change of the EU (and local) legislation regarding data protection (including the General Data Protection Regulation – GDPR).
- What is the Purpose and Legal Basis of Processing Personal Information?
We collect, use, disclose, transfer, and store personal information when needed to provide our Services and for our operational and business purposes as described in this Statement.
Topcon ensures that, in the process of providing its products and services, it will obtain only personal data necessary to carry out its business through the Topcon business entities for the purposes of use (as described below).
Topcon may process your personal information for the following purposes:
– Sales of Products – Providing with products and services that Topcon and its subsidiaries and partners offer (“Products“) and managing contractual relationship related to providing Products and other business activities. The processing of personal data is carried out on the basis of legal regulations that allow us to process personal data to the extent necessary for the use of a service or the performance of a contract, Art 6 para. 1 b) GDPR.
– Use of Products – Planning, development, manufacturing, installation, support, training and maintenance of machines and equipment, providing and distributing information such as information on Products, contact you about warranty, service and sales issues. The processing of personal data is carried out on the basis of legal regulations that allow us to process personal data to the extent necessary for the use of a service or the performance of a contract, Art 6 para. 1 b) GDPR.
– Marketing and Communication – Information communication and information processing services & advertising and holding campaigns, exhibits and other events to promote Products as well as deliver and suggest tailored content such as news, research, reports, and business information and to personalize your experience with our Services & Providing and distributing brochures, materials and samples of Products. When you communicate with us or sign up for promotional materials, we process such data on the basis of our legitimate interest, Art 6 para. 1 f) GDPR, and our legitimate interest is to provide you with our promotional messages. Where we are required under applicable local law to obtain your consent for sending you marketing information, the legal basis is your consent, Art 6 para. 1 a) GDPR. If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time.
– Improvement of Our Website – personalizing your experience at our websites; selectively sending you information that may be of interest to you; contests and sweepstakes; market research and online surveys; automatic monitoring of statistical information to determine how Topcon’s websites are being used. The processing of personal data is carried out because Topcon has a predominant legitimate interest in making the use of the website as easy and efficient as possible, Art 6 para. 1 f) GDPR. (for more information see Section 5 below)
– Improvement of our Products – Conducting surveys on Products and analysis of the results. The processing of personal data is carried out because Topcon has a predominant legitimate interest to enhance your experience and to develop and improve our products, Art 6 para. 1 f) GDPR.
– Application Process – We collect personal data relating to job applicants in connection with our employment application/recruiting process. In instances where personal data is collected in connection with a specific open position we will store the subject personal data for no more than 30 days following the date on which the subject opening is no longer available. In instances where personal data is collected that is not specifically associated to an open position we will store the subject personal data for no more than 180 days. Should we wish to keep your personal information on file longer for consideration for future suitable employment opportunities with us we will ask for your consent, which, if given, can be withdrawn at any time.
- Cookies and Analytics
We store so-called “cookies” in order to offer you a comprehensive range of functions and to make the use of our websites more convenient. “Cookies” are small files that are stored on your computer with the help of your internet browser. If you do not wish the use of “cookies”, you can prevent the storage of “cookies” on your computer by making the appropriate settings in your internet browser. Please note that this may limit the functionality and range of functions of our offer.
In particular, we use the following cookies:
Google Analytics – to monitor and analyze traffic coming to the site and page visits while on the site
Hubspot – to analyze visitor interactions with the site for site troubleshooting and design improvement
The information generated by the cookie about your use of our Site (including your shortened IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information to evaluate your use of our websites, to compile reports on website activity for website operators and to provide other services associated with the use of our Site and services related to the use of the internet. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google.
You can disable Google Analytics by using a browser add-on if you do not want the website analysis. You can download the browser add-on here: http://tools.google.com/dlpage/gaoptout?hl=en .You can object to the use of Google Analytics.
Google Analytics is used on the basis of our legitimate interest in a demand-oriented design, statistical evaluation and efficient advertising of our Site and the fact that your legitimate interests do not outweigh, Art 6 para. 1 f) GDPR.
- Processing of Sensitive Personal Data
We do not process any sensitive personal data (e.g. health or religious data) from you unless we have previously asked for your written consent, Art 9 para. 2 a) GDPR.
- Sharing Your Personal Data
Your personal data will be shared within the following entities:
- Our Group of Companies and we have made sure that the entire Topcon Group respect the GDPR and only share your personal information within the Topcon Group if this is legitimate, e.g. because there are necessary intra-group agreements in place or because it serves internal administrative purposes in which case we will weigh up your conflicting interests in accordance with the GDPR.
- Third party service providers which have been thoroughly selected based on their compliance with the GDPR and only when to fulfill the services they provide to us, such as software, system, and platform support; direct marketing services; cloud hosting services; advertising; data analytics; and order fulfillment and delivery. Our third-party service providers are not permitted to share or use personal information we make available to them for any other purpose than to provide services to us. We will enter into the necessary legal agreements with the third-party service providers in order to secure your personal information.
- Business Partners – Topcon may share personal information with business partners in order to improve your experience with Topcon and for Topcon’s marketing purposes. Topcon may share non-personal aggregate data about sales, customers, visitors to the site and related site information with third parties. We will enter into the necessary legal agreements with our business partners in order to secure your personal information.
We do not sell or share your personal information to or with any other third parties.
- Your Rights and Your Personal Data
You have the following rights with respect to your personal data:
Right of access
You have the right to request from us access to the processed personal data concerning you to the extent of Art 15 GDPR at any time. For this purpose, you can send your request via email to the address stated above.
Right to rectification of incorrect data
You have the right to request from us the immediate rectification of the personal data concerning you, if these are incorrect. To do this, please contact the contact address stated above.
Right to erasure
Under the requirements set out in Art 17 GDPR you have the right to request from us the erasure of the personal data concerning you. These requirements especially provide a right to erasure where the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, the personal data have been unlawfully processed, you object to the processing or the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the we are subject. Regarding the period for which the personal data will be stored please refer to No. 13 of this data protection declaration. To assert one of the above-mentioned rights please contact us under the contact address stated above.
Right to restriction of processing
You have the right to request us to restrict the processing according to Art 18 GDPR. This right especially exists when the accuracy of the personal data is contested between the user and us, for a period enabling us to verify the accuracy of the personal data, in the case that the data subject who has a right to erasure opposes the erasure of the personal data and requests the restriction of their use instead, for the case that we no longer need the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims as well as if the successful exercise of an objection between us and the user is still controversial. To assert the above mentioned right please contact us under the contact address stated above.
Right to data portability
You have the right to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format according to Art 20 GDPR. To assert one of the above-mentioned rights please contact us under the contact address stated above.
Right to object
Pursuant to Art 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on lit e) or f) of Art 6 para. 1 GDPR. We will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Right to lodge a complaint
You also have the right to lodge a complaint with the responsible supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
A list of all European data protection authorities can be found here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
- Marketing Communication
We like to send you free publications like product news and insights, press releases and company news, as well as invitations for events, training and webinars.
Your personal data will be processed in order to be able to offer you the contents as ordered by you, Art 6 para. 1 b) GDPR.
You can unsubscribe from these communications at any time. Each communication contains information on how you can cancel the subscription with effect for the future.
In case of other e-mail-marketing related to direct marketing, we reserve the right to send you information on goods and services similar to those you have purchased from us by e-mail. You can object to receiving such information by email at any time. Each email contains information on how to unsubscribe from future emails.
- Cross-border Personal Data Transfer and Storage of Your Personal Data
Topcon is a global organization, and your personal information may be stored and processed outside of your home country. We take steps to ensure that the information we collect is processed according to this Statement and the requirements of applicable law wherever the data is located. Regardless of location, Topcon handles personal data as described in this Statement.
Topcon has networks, databases, servers, systems, support, and help desks located throughout our offices around the world. We collaborate with third parties such as cloud hosting services, suppliers, and technology support located around the world to serve the needs of our business, workforce, and customers. We take appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law. In some cases, we may need to disclose or transfer your personal information within Topcon or to third parties in areas outside of your home country. The areas in which these recipients are located will vary from time to time, but may include the United States, Japan, Europe and other countries where Topcon has a presence or uses contractors.
When we transfer personal information from the European Economic Area to other countries in which applicable laws do not offer the same level of data privacy protection as in your home country, we take measures to provide an appropriate level of data privacy protection. In other words, your rights and protections remain with your personal information. For example, we use approved contractual clauses, multiparty data transfer agreements, intragroup agreements, and other measures designed to ensure that the recipients of your personal information protect it. If you would like to know more about our data transfer practices, please contact our Data Protection Officer.
- How Long Do We Keep Your Personal Information?
We erase or make your personal information anonymous as soon as they are no longer required for the purposes for which we have collected or used them in accordance with this Statement. As a rule, we store your personal data for the duration of the usage or contractual relationship plus a reasonable period of time in which we keep backups after deletion.
- Security and Safety Measures
Topcon takes data security seriously, and we use appropriate technologies and procedures to protect personal information. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.
- Links to Other Websites
Topcon’s websites may contain links to other websites. These third-party websites have their own privacy policies, including cookies, and we encourage you to review them. They will govern the use of personal information that you submit or which is collected by cookies whilst visiting these websites. This Statement does not apply to third party websites and any personal data you provide to third party websites is at your own risk.