CYBERDYNE Inc.

(The English translation from the original in Japanese.)

1.      Introduction

The Privacy Policy explains how personal information obtained by CYBERDYNE, INC., its Japanese subsidiaries Shonan RoboCare Center Co., Ltd., Oita RoboCare Center Co., Ltd., Suzuka RoboCare Center Co., Ltd., Cyberdyne Care Robotics GmbH, CYBERDYNE Europe GmbH(subsidiary of CYBERDYNE in Germany) and CYBERDYNE USA Inc. (subsidiary of CYBERDYNE in USA, and, together with the aforementioned companies, collectively referred to as “CYBERDYNE”) from customers/shareholders as well as CYBERDYNE’s officers, employees, any other person who is or was engaged in the business of CYBERDYNE (collectively referred to as “employees”) is utilized. Please read this Privacy Policy carefully when using CYBERDYNE’s services, software and website (collectively referred to as “services”). Any use by customers/shareholders of CYBERDYNE’s services and products or any engagement by employees in CYBERDYNE's business shall be deemed to have been conducted after having fully understood and agreed to this Privacy Policy.

2.      Scope of application

This Privacy Policy will be applied when customers/shareholders use CYBERDYNE’s services and products or when employees engage in the business of CYBERDYNE.

3.      Purposes of using personal information

CYBERDYNE utilizes personal information obtained from customers/shareholders/employees for the following purposes (collectively, the “purposes”)

(1)    Purposes of utilizing customer’s personal information

1.       For receiving applications for and providing the products and services offered by CYBERDYNE

2.       For guidance, provision and management of other services and products offered by CYBERDYNE

3.       For research, analysis and recruiting activity related to CYBERDYNE's business. 

4.       For all operations incidental or related to 1 – 3 above.

5.       For implementation of questionnaires concerning the services and products, etc., offered by CYBERDYNE

6.       For development of new services and products

7.       For guidance, operation, management and provision of information regarding various events and campaigns

8.       For notification of services and products offered by CYBERDYNE

9.       For guidance, operation, management and notification of services, products, events and campaigns of CYBERDYNE as well as its group companies and partner companies

10.    For fulfilling obligations and delivering printed materials to CYBERDYNE’s shareholders

11.    For responding to inquiries and requests

(2)    Purposes of utilizing employee’s personal information

1.    For recruitment and employment, social insurance, provision of benefit packages, business communication, legally required procedures and any other procedures related to employment management

2.    For decision and payment of salary, tax withholding procedures, payment of prefectural and municipal inhabitants’ taxes, and any other procedures related to salary payment

3.    For performance evaluation, posting, promotion, secondment, leave of absence, reinstatement and any other procedures related to personnel changes

4.    All operations incidental or related to the above

(3)    Purposes of utilizing shareholders’ personal information

1.  For exercising rights and performing obligations under the Companies Act in Japan,

2.    For operating and recording the shareholders' general meetings,

3.    For promoting the exercise of voting rights, and for providing and offering various benefits for the status as a shareholder including shareholders special benefit programs,

4.    For preparing data, etc. pursuant to applicable laws and regulations, and managing the shares,

5.    For providing shareholders with information on IR activities,

6.    Amongst the relationship between shareholders and CYBERDYNE, for implementing various measures to facilitate the relationship between shareholders and CYBERDYNE from the perspective of being members of an association, and

7.    For implementing any and all operations incidental or related to Items 1 to 6 above.

4.      Acquisition of personal information

CYBERDYNE will obtain the following personal information from customers, shareholders and employees by fair and appropriate means in order to achieve the purposes defined in Article 3. The following items are merely examples and, depending on the case, may not be considered personal information. 

(1)        Acquisition of personal information from customers

1.    Personal information provided to CYBERDYNE by customer when applying for or using the services or purchasing, renting or using the products.

The customer’s name, gender, date of birth, address, telephone number, fax number, email address, business contact, mailing address, physical and medical information relating to use of the products or services and information related to the usage of other products or services.

2.    Information provided to CYBERDYNE by customer upon visiting CYBERDYNE's website

IP address, cookies and web beacons, etc. will be obtained from the customer's browser upon visiting CYBERDYNE's website which provides the services to the users and information on advertisements, access history and access situation of websites and the customer’s usage environment will be automatically collected.

(2)        Acquisition of personal information from employees

1.    Basic information of employees such as name, address, department, title, etc.

2.    Information regarding employee's family such as names and existence of dependents, etc. 

3.    HR information such as qualification/license, personnel changes, performance evaluation, official commendation and disciplinary punishment

4.    Information related to salary, bonus, retirement allowance and pension, etc.

5.    Information related to benefit packages such as status of use of welfare programs

6.    Information related to health such as health check results

(3)        Acquisition of personal information from shareholders

Personal information of shareholders necessary to achieve the purposes of use described in Article 3, including shareholder’s name, address, number of shares held, and shareholder number.

CYBERDYNE will never obtain or use information of a sensitive nature to the customer/shareholder/employee (hereinafter, “sensitive information”), such as information on race, beliefs, social standing, medical history, crime records, and history of having been a victim of a crime, unless explicitly stated otherwise in this Privacy Policy or as required by laws and regulations or for which the consent of the customer/shareholder/employee is obtained.

5.      Choice by the customers/shareholders/employees

As a rule, CYBERDYNE obtains personal information by the volition of the customers/shareholders/employees. Customers may experience disadvantages if they refuse to provide their personal information, such as being unable to make use of the various services provided by CYBERDYNE, or being unable to receive campaign notices and other CYBERDYNE information because part or all of the functions of CYBERDYNE’s system become inoperable and thereby unavailable. The same circumstances will apply to employees who are engaged in CYBERDYNE’s business operations. Please note that customers/shareholders/employees may at any time change their contact information, in a manner designated separately by CYBERDYNE.

6.      Disclosure and provision of information to third parties

CYBERDYNE will not disclose or provide the personal information of customers/shareholders/employees to any third parties, except under the following circumstances:

1.    Customer's/shareholder’s/employee's consent has been obtained;

2.    Disclosure or provision is required or within the scope allowed by laws or regulations;

3.    Disclosure is required to protect human life, health, or property in cases where obtaining customer's/shareholder’s /employee's consent is difficult;

4.    Disclosure is required to cooperate with the public affairs of national or local governments, and when obtaining customer's/shareholder’s /employee's consent is likely to hinder the administration of public affairs;

5.    Disclosure or provision of information as statistical data (in a format that does not disclose the customer’s, shareholder’s or employee’s identity);

6.    Provision of information as a result of the succession of business due to a merger, company split, transfer of business or otherwise;

7.    Provision of information in accordance with procedures based on laws and regulations, under the condition that the following information can be easily checked by the customer, shareholder or employee themselves through the CYBERDYNE website, etc., and that the customer/shareholder/employee has not declared their wish to refuse provision of their information:

①       The purpose of obtaining information is to provide such information to a third party;

②       The specific personal data items to be provided to a third party;

③       The means by which such personal information is provided to a third party;

④       The fact that the provision of information will be suspended upon the customer's/shareholder’s/employee's request; and

⑤       The methods for accepting requests from customers/shareholders/employees

Further, personal information of the customer/shareholder/employee which includes sensitive information will not be provided to a third party for any reason, unless such provision is stipulated under the laws or regulations or consent is obtained from the customer/shareholder/employee.  Data sharing or provision to business entrusted companies shall not be considered as disclosure or provision to a third party. 

7.      Data Sharing

CYBERDYNE will share customer/employee information as follows:

(1)    Scope of Data Sharing

CYBERDYNE, INC., its consolidated subsidiaries and affiliated companies accounted for by the equity-method as stated in the annual securities report, etc.

(2)    Purpose of use by the user

1)       Personal information of customers

1.       For development of new services and products, etc.

2.       For notification of new products and services

3.       For delivery and transfer to relevant company in the event of an inquiry, application for use or other request from a customer regarding products and services provided by CYBERDYNE or its group companies

4.       For appropriate and smooth fulfillment of other transactions with customers, etc.

2)       Personal information of employees

For using personal information of employees such as information defined in “3. Purposes of using personal information” and to conduct business communications.

(3)    Personal information items to be shared

1)      Personal information of customers

Customer ID, customer name, gender, date of birth, address, telephone number, fax number, email address, business contact (name of company, department, title, address, telephone and fax numbers), mailing address, information on physical conditions or diseases related to service offered by CYBERDYNE, record of service use, vital information (heart rate, blood pressure, pulse), transaction history, etc.

2)      Personal information of employees

Employee name, address, department, title and other basic information of the employee stated in “4. Obtaining personal information”

(4)    Head of administration for data sharing

CYBERDYNE, INC.

8.      Business entrustment

In providing products and services to customers or handling the personal information of employees, CYBERDYNE may entrust part of its business operations to third parties to which personal information may also be disclosed to the extent required to achieve the purposes of the entrustment. In these cases, CYBERDYNE will implement all appropriate measures in managing and supervising such third parties to safeguard the handling of customers'/employees' personal information, including executing agreements on the handling of such personal information.

9.      Transfer to outside of Japan

If CYBERDYNE provides customers’/employees’ personal information to third party business operators outside of Japan, including business entrusted companies and data sharing partners, CYBERDYNE will take necessary and appropriate measures in compliance with the laws and regulations.

10. Management of personal information

In receiving customers’/shareholders’/employees’ personal information, CYBERDYNE will manage such information according to the strictest standards and take the utmost care to prevent leaks, losses, or alterations. CYBERDYNE ensures that its officers and employees are properly trained regarding appropriate handling to safeguard the security of information identifying individual customers/shareholders/employees An appropriate retention period for personal information will be established in accordance with the purpose for which such information is used. After the purpose of the information has been achieved, CYBERDYNE will dispose of the information in question by appropriate methods.

11. Requests about handling of personal information

If CYBERDYNE receives a request from a customer/shareholder/employee, submitted in the manner specified, regarding the disclosure, correction, deletion, addition, discontinuance, or erasure (hereinafter, “disclosure, etc.”) of such customer's/shareholder’s/employee's personal information stored in a database held by CYBERDYNE, the request will be handled as follows, within a reasonable timeframe and scope, after confirming that the request was submitted by such customer/shareholder/employee themselves.

(1)    Request for disclosure

Personal information items will be disclosed in accordance with the customer's/shareholder’s/employee's request.

(2)    Request for correction, deletion, or addition

Correction, deletion or addition of personal information will be undertaken wherever possible after due review of the request.

(3)    Request for discontinuance or erasure

The use of personal information items designated by customers/shareholders/employees will be discontinued, and the relevant information erased if so desired, in accordance with the submitted request. However, please note that such requests may prevent customers from being provided with services that they have utilized, or may impede the provision of services in accordance with their wishes. For the employees, it may prevent them from engaging in company business.

CYBERDYNE may not be able to fulfill the customers’/shareholders’/employees’ requests if compliance with such request would seriously impede CYBERDYNE’s business operations or result in a violation of the laws and regulations.

12. Submission of request for disclosure, etc.

The method for submitting requests for disclosure, etc., or notification of purposes of use of personal information received by CYBERDYNE from a customer/shareholder/employee is as follows:

(1)    How to make requests

Please send the required documents by postal mail or e-mail to the address below.

Address:

Personal Information Handling Desk, Corporate Department

CYBERDYNE, INC.

2-2-1, Gakuen-minami, Tsukuba, Ibaraki, 305-0818, Japan. 

E-MAIL:

privacy@cyberdyne.jp

(2)    Documents required for confirmation of identification of individual, etc.

1)      For the individual

Copies of two from the following: driver’s license, passport, health insurance certificate, basic resident registration card with photo, pension insurance booklet, physical disability certificate, resident card or special permanent resident certificate, certificate of seal registration, Individual Number Card (front side only)

2)      For a representative (Both (a) and (b) below are required)

(a) Letter of proxy (legal representatives must provide a certifying document)

(b) Document to identify the representative (copies of two from the following: driver’s license, passport, health insurance certificate, basic resident registration card with photo, pension insurance booklet, physical disability certificate, resident card or special permanent certificate, certificate of seal registration, Individual Number Card [front side only])

(3)    Fee

A fee may be charged depending on the type of request.

13. Modification of this Privacy Policy

CYBERDYNE may make modifications to this Privacy Policy. If modifications are made, details will be posted on the CYBERDYNE website (https://www.cyberdyne.jp/english/), so please be sure to carefully read the contents of any changes made.

In addition to Chapter 1, Chapter 2 will also be applied to the handling of personal information of customers/employees residing in the European Economic Area, which consists of the European Union member States, Norway, Iceland and Liechtenstein (the “EEA”) based on the "REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive “95/46/EC”" (the "GDPR"). In the event of any provision of this chapter contradicting those of chapter 1, the provisions of this chapter shall prevail. In particular, items 6. and 9. in Chapter 1 do not apply upon the handling of personal information of customers and employees residing in the EEA.

1.      Legal basis for handling personal information

CYBERDYNE handles personal information of its customers/employees based on their consent to this Privacy Policy. Furthermore, CYBERDYNE may utilize personal information for the purpose of achieving the rightful benefit of CYBERDYNE or a third party (including but not limited to the benefit generated by requests from customers to CYBERDYNE for the provision of its products and services and the benefit generated by the smooth maintenance of the employment relationship between CYBERDYNE and the employees' management).

A guardian’s consent or permission to consent to this Privacy Policy must be obtained in the event of a customer under the age of 16 using CYBERDYNE’s services. The data subject’s consent to this Privacy Policy must be obtained in the event that a person such as a family member applies for CYBERDYNE’s services on behalf of the data subject.

2.      Request about handling of Personal Information

An EEA resident, has a right to withdraw their consent, request a copy of their personal information, request correction, request to delete or limit the usage of personal data, and request data portability to CYBERDYNE. Furthermore, an EEA resident may object to the handling of their personal information (including personal information handled by CYBERDYNE for direct marketing) if it is recognized by law.

If CYBERDYNE receives a request from an EEA resident, submitted in the manner specified, for copying, correcting, deleting and limiting the usage of their personal information, the request will be handled as follows, within a reasonable timeframe and scope, after confirming that the request was submitted by the customer/employee themselves according to Chapter 1, Article 11 (Request about handling personal information).

(1)    Request for withdrawal

Personal information will be deleted or suspended in accordance with the customer’s or employee's request, wherever possible and appropriate, after due review of the request.

However, please note that such requests may prevent customers from being provided with services that they had utilized, may impede the provision of services in accordance with their wishes, or may prevent employees from engaging in CYBERDYNE's business.

(2)    Request for data portability

A copy of the personal information held by CYBERDYNE will be provided in accordance with the customer's/employee's request, wherever possible and appropriate, after due review of the request.

(3)    Objection to data processing

The use of personal information will be suspended, wherever possible and appropriate, after due review of a request therefor.

(4)    Making a request or an objection

Customers/employees may submit such request by the method provided in Chapter 1, Article 12.

3.      Transfers to outside the EEA

CYBERDYNE may provide the customers'/employees' personal data to third parties, such as its affiliates, cloud vendors and outside contractors, etc. to implement the purposes of use specified above. Since countries located outside the EEA (including, without limitation, Japan and the U.S., the same shall apply hereafter) are among the locations of third parties to whom CYBERDYNE will disclose the personal data of the customers/employees, the customers/employees shall be deemed as having consented to the following matters by consenting to this Privacy Policy:

1.        In the case that the country in which the third party is located is outside the EEA, such country does not have the same data protection laws as the EEA, many of the rights provided in the EEA to the data subjects of the data will not necessarily be secured.

2.        The customers'/employees' personal data may be provided for the purposes specified above to the subsidiaries and affiliates of CYBERDYNE or third parties, outside the EEA.

4.      Change of purposes of use of personal data

In the case of a change to the purposes of use of personal data, CYBERDYNE will announce the revised Privacy Policy in advance on the CYBERDYNE website (https://www.cyberdyne.jp/english/). If the purposes of use after such change differ from the original purposes of use, CYBERDYNE will ask for consent from the customers/employees regarding the revised purposes of use.

5.      Lodging a complaint with an authority

Customers/Employees have the right to express a complaint on the processing of their personal data with the data protection authority having jurisdiction over their residence. Customers/employees are requested to use the following URL to contact the authority having jurisdiction over their residence:（http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080）

6.      Holding period of personal information

CYBERDYNE will store personal information for 10 years after obtaining the information; provided, however, that this shall not apply in the case where CYBERDYNE is obliged or allowed to store the same for more than 10 years due to the provisions of laws or regulations or of contracts.

(Originally enacted October 17th, 2018)

(as of June 8th, 2021)

1.      Personal Information processed for commercial transactions in Malaysia.

In addition to Chapter 1, Chapter 3 will be applicable for personal information processed by CYBERDYNE's services in Malaysia or any other person authorized by CYBERDYNE in Malaysia to process the personal information in respect of commercial transactions ("Malaysian Data"). If your personal information is collected by CYBERDYNE services or any person authorized by CYBERDYNE in Malaysia, this Chapter 3 shall be applicable to you.

In this Chapter 3, "you" "your" "individual" shall refer to customers, employees and shareholders using the CYBERDYNE services in Malaysia.

2.      PDPA Notice and Consent

This Chapter 3 is made available in both English and Malay language and shall serve as a personal data protection notice to all individuals who wishes to provide their personal data to CYBERDYNE in order to use the services offered by CYBERDYNE. By clicking the "I AGREE TO SHARE MY INFORMATION" button herein, it shall be deemed that you have consented to us processing your personal data in accordance with this Privacy Policy. The acceptance and consent granted herein shall remain valid so long as the personal data is required by CYBERDYNE to fulfill the Purposes as stipulated in this Privacy Policy.

In the event that the personal data to be provided is involving of minors (i.e. individuals under 18 years of age) or individuals not legally competent to give consent, you confirm that they have appointed you to act for them, to consent on their behalf to the processing (including disclosure and transfer) of their personal data in accordance with this Policy.

Please do not access and use and please cease accessing and using CYBERDYNE services or any part thereof if you do not agree to this Privacy Policy or do not consent to us processing your personal data.

3.      Compliance with Malaysian laws, rules and regulations.

All Malaysian Data processed under this Chapter 3 shall be in accordance with the purpose stated in this Privacy Policy and pursuant to the Malaysian Personal Data Protection Act 2010 (Act 709) (hereinafter referred to as "PDPA") and relevant directives from the Malaysian Ministry responsible for personal data protection (further known as "Ministry") on collection, holding, storage, sharing, processing and the use of your personal data and other relevant matters as defined in PDPA.

Personal information for Malaysian Data will be referred as "personal data" in this Chapter 3. “Personal data” and other terms defined under PDPA when used in this Privacy Policy shall have the same meaning as defined under the PDPA. In the event of any inconsistencies of terms between Chapter 1 and Chapter 3, the terms in this Chapter 3 shall prevail to the extent that Malaysian Data is concerned. 

4.      Purpose

You acknowledge and consent that by providing your personal data to CYBERDYNE, CYBERDYNE may use, disclose and otherwise process your personal data for the purposes as stated in Section 3 of Chapter 1 of this Privacy Policy ("Purposes").

CYBERDYNE may change the purpose of use as described above in the event of reasonable and relevant requirements catering to the Purposes of the original use. In such a situation, we will notify our customers/employees/shareholders regarding the change in the terms concerning the usage of personal data on our website or other platforms or via e-mail. Therefore, you are advised to check the latest Privacy Policy from time to time.

5.      Collection of Personal Data

Types of personal data collected

The Malaysian Data collected by CYBERDYNE shall include personal information as specified In Section 4 of Chapter 1. In addition to the said personal information, CYBERDYNE may, in certain circumstances collect your sensitive data for the Purpose as specified herein. The following information shall be regarded as "sensitive data" pursuant to PDPA:

“Sensitive Data” is defined under section 4 of PDPA as data consisting of information as to the physical or mental health or condition, political opinion, religious beliefs of a data subject (individual).

By accepting this Privacy Policy, you are hereby considered as having provided an explicit consent for us to process your personal data including sensitive data. Notwithstanding the foregoing, CYBERDYNE may process sensitive personal data for the following circumstances without having to obtain separate permission:

•     for the execution or claim of rights or obligation under the law against an individual in the regards of employment;

•     to protect the interests of an individual or other person, where the truth cannot be granted by the individual or his representative or is impossible for us to obtain permission in a normal and reasonable manner;

•     to protect the interests of an individual or other person, where the permission by the individual or his representative is not deliberately not granted;

•     for medical purposes - under the custody of a professional in the field of healthcare or a person who has the same confidentiality responsibility with professionals in the field of healthcare;

•     for any relevant legal action;

•     to seek legal advice;

•     to create, carry or defend the rights under the law;

•     to administer the system of legal justice;

•     to carry out any function given to a person by or under the law;

•     other purposes perceived by the Ministry; or

•     the information contained in personal data has been publicly known as a result of an individual's actions and in such instance, we will not be required to obtain the individual’s permission in respect of such personal data.

How we collect

Pursuant to Section 4 of Chapter 1,  CYBERDYNE and/or our third-party service providers may collect your personal data by the following means:

•     directly from you;

•     when you apply for or use the services or purchase, rent or use the products of CYBERDYNE;

•     when you register as a member on the CYBERDYNE website or applications;

•     where you access and interact with the CYBERDYNE website or applications;

•     when you communicate with our customer service, delivery partners and other service providers; and

•     or whenever it is deemed appropriate to achieve the purposes as stated in Section 3 of Chapter 1 of this Privacy Policy.

Scope of Use

CYBERDYNE will only handle personal data within the required scope to achieve the Purposes of use. In the event of rare and unpredicted occurrences, we shall obtain the individual’s permission first, unless it is for one of the following situations:

•     prevention or detection of crime or for investigation purposes;

•     arrest or prosecution of legal offenders;

•     valuation or assessment of taxes or any other similar payments;

•     other guidelines or instructions issued by the Ministry and gazetted for PDPA.; or

•     to comply with any legal requirements applicable to or imposed on us;

•     to protect your vital interests;

•     for the administration of justice; or

•     for the exercise of any functions conferred on any person by or under any law.

6.      Transfer of your personal data outside of Malaysia

CYBERDYNE information technology storage facilities and servers may be located in other jurisdictions outside of Malaysia. Your personal data may be stored on servers located outside Malaysia including but not limited to in Japan. In addition, your personal data may be disclosed or transferred to entities located outside Malaysia or where you access the CYBERDYNE sites from countries outside Malaysia.

Please note that these foreign entities may be established in countries that might not offer a level of data protection that is equivalent to that offered in Malaysia under the laws of Malaysia. You hereby expressly consent to us transferring your personal data outside of Malaysia for such purposes. We shall endeavour to ensure that reasonable steps are taken to procure that all such third parties outside of Malaysia shall not use your personal data other than for that part of the Purposes and to adequately protect the confidentiality and privacy of your personal data.

7.      Accuracy of your personal data

CYBERDYNE takes reasonable steps to ensure that the information we hold about you is accurate, complete and up to date. To assist us in doing this, please provide us with the correct information and inform us if your details change. You have the right to access and correct your personal information held by us about you. You can submit your request pursuant to Section 11 and 12 of Chapter 1 of this Privacy Policy.

8.      Confirmation and Storage of Records

CYBERDYNE will confirm and store records accurately and in accordance with relevant laws and guidelines, particularly those issued under PDPA, when exchanging information in your personal data with third parties.

9.      Disclosure of personal data to third parties

Disclosure of your personal data to third parties shall be subject to your prior consent. We will not sell, rent, transfer or disclose any of your personal data to any third party without your consent. By accepting this Privacy Policy, you are hereby consented to us disclosing your personal data to the following third parties for one or more of the Purposes:

•     to our employees, agents, affiliates and associated companies;

•     to any person to whom we are under an obligation to make disclosure under any applicable laws;

•     to any court and/or officer of the court;

•     to our auditors, legal advisers, compliance professionals and other advisers; and

•     to our service providers and vendors.

CYBERDYNE may also transfer, disclose or share your personal data with its affiliates and/or partners who may engage, or in some cases, transfer your personal data outside Malaysia as stated herein.

10. Security of your personal data

As provided in Section 10 of Chapter 1, CYBERDYNE will take necessary and appropriate actions for security control purposes to protect personal data from unauthorized access, forgery, leakage, loss or damage to personal data. While care is taken to protect your personal data under our possession, unfortunately no data transmission over the Internet is guaranteed as 100% secure. Accordingly, we cannot ensure or warrant the security of any information you send to us or receive from us online.

11. Your Rights

CYBERDYNE offers the option to apply for access, reveal, update, or correct your personal data and opt out on ways of how we communicate with you. CYBERDYNE will provide feedback on any form of request, notification, access application and the correction of matters relating to your personal data obtained as stated by PDPA. Your use or access to the CYBERDYNE sites, services and tools may be limited, suspended or terminated (as we in our discretion deem fit) if you impose any limit on us in the processing of your personal data or if you withdraw your consent for us to process your data.

However, we reserve the right to reject an application for access or extending the confirmation before allowing access to the permissible grounds under PDPA, if granting access to you may be a risk to your privacy, or the circumstances in which the rights of others may also be interrupted.

(Originally enacted January 27th, 2022)

The following describes how we treat personal information gathered via the CYBERDYNE website. If a customer/employee wishes to know more about our general policy on privacy protection, etc. please refer to the CYBERDYNE Privacy Policy document.

1.      Introduction

This document defines how CYBERDYNE deals with information gathered via the CYBERDYNE website and is based on the CYBERDYNE Privacy Policy. CYBERDYNE makes every effort to protect customer/employee privacy so that customers/employees can use the CYBERDYNE website with confidence and peace of mind.

By using the CYBERDYNE website the customer/employee is deemed to have understood and agreed to the following content:

2.      Scope

This Privacy Policy only applies to use of the CYBERDYNE website (cyberdyne.jp as the domain) and does not apply to sites managed by other companies. In order to provide useful information and services to the user, links to other websites are introduced on the CYBERDYNE site. This Privacy Policy does not apply to sites accessed via such links. We recommend that customers/employees check the privacy protection policies of each individual website.

3.      Security

n   Security technology which protects personal information

To protect from illegal accesses by an unauthorized third party, protection of personal information is secured by encrypting personal information by using SSL (Secure Sockets Layer) encryption technology and the other similar technology. This means that any information provided by customers/employees when using this site cannot be accessed by an unauthorized third party. Furthermore, a firewall, anti-virus measures and the other reasonable security measures have been installed to prevent disclosure, appropriation, alteration, etc. of personal information.

Structure of SSL (Secure Sockets Layer)

By using the SSL, a digital "handshake" (by digital confirmation, digital signature) between CYBERDYNE and the customer takes place where security is mutually confirmed, and upon mutual confirmation, the personal information of the customer is sent by customer. At that time, the data is encrypted and this prevents the data from being sent to any third-party identity thieves. 

Moreover, the data transmitted through SSL is encrypted using two types of encryption; namely, public key encryption (RSA) and common key (private key) encryption scheme. A key is required to decrypt such information. Even when data is intercepted by a third party, such encrypted data may not be decrypted without the correct key. Even though the number of types of keys is limited, it will take an unrealistically long time to figure out the correct key by trying out each key in order, even electronically by using devises such as a personal computer and thus it can be said that it is extremely difficult for a third party to decrypt the information.  

3. Collection of data

■ Site access

So that our customers can use our website with greater ease, the information below is collected.

(1)  Regarding use of Cookies*1

CYBERDYNE will collect Cookies under a purpose to provide the following information.

· Log-in data for online service provided by CYBERDYNE

· Data from personalized pages for customers

· Registration data including special campaigns, etc.

· Site access history (using Web beacon*2)

Customers may always block Cookies by setting their browser.  It is recommended that customers set their browser to only accept cookies from websites they can trust.  However, please be advised that without the cookie, the speed of the website may substantially decrease. 

(2)  Regarding use of IP Address *3

CYBERDYNE will collect IP addresses under a purpose to provide information suiting the customer's region.  When the customer views the CYBERDYNE website, the region the customer is accessing from will be determined based on the IP address, but the customer will not be identified. 

■ Email

When CYBERDYNE sends e-mail to our customers, the following data may be collected:

· The status of HTML emails, i.e., whether they have been opened or previewed (using Web beacon*2)

· Whether our website has been accessed via a link in a text email or HTML mail.

*1 Cookies

1.        A Cookie is a function where the fact that the user visited a specific website will be stored in the computer of such user.  Information such as e-mail address or name which can identify the individual is not among the data collected through the Cookie. 

2.        CYBERDYNE may provide the information collected through the Cookie to any third party if it is within the scope necessary to achieve the purpose stated under (1) Regarding use of Cookies*1 of this Privacy Policy.

3.        Users may select whether the Cookie may be used for each purpose on its own under the setting method of the web browser used by the user.  If the user accepts the Cookie and thereupon visits the CYBERDYNE website, it is deemed that the user agreed to CYBERDYNE's use of the information that the user visited our website.

* In order to gain full advantage of our website, it is recommended that the user accepts the Cookie.

*2 Web beacon

Web beacon means a structure constituting minute pictures invisible to the naked eye (1x1 pixel GIF) that are embedded into webpages or HTML emails and used to record the following data: opening/ previewing of emails, and access to websites using links in emails.

*3 IP Address

This is a number automatically assigned when the customer visits various websites.  The webserver (the computer providing the website) automatically recognizes the customer's computer based on the IP address and connects.