Privacy Policy
Kioxia Holdings Corporation (hereinafter the Company), guided by its Basic Commitment and Standards of Conduct, engages in business activities that allow it to contribute to society, to earn the trust of all of its stakeholders, and to meet their expectations.
The Company recognizes that the personal information received from stakeholders in the course of business activities is an important asset of each stakeholder, and also an important asset for the Company as a source that contributes to the creation of new value, and provides appropriate protection for personal information in accordance with the following Basic Policy.
1. Basic Policy
- 1.1 The Company strictly complies with the Act on the Protection of Personal Information and other relevant laws and guidelines established by the government of Japan, and with other standards. The Company has formulated Regulations on Personal Information Protection, and carefully implements and maintains and strives to continually improve its management system for personal information protection.
- 1.2 The Company has established a management framework for the protection of personal information that includes assigning a responsible person in all divisions that handle personal information, and ensuring that all Company officers and employees recognize the importance of and act in full compliance with the Regulations.
- 1.3 The Company utilizes personal information to provide services within a scope of use that is clearly communicated in advance, and takes measures to prevent its use beyond that scope. The Company does not disclose or provide personal information obtained to any third party without the express consent of the individual who provided the personal information, or unless there is a legitimate reason for such disclosure.
- 1.4 The Company maintains accurate, up-to-date personal information, and makes all required efforts to prevent unauthorized access to such personal information, as well as any leakage, loss or damage of the same, and continually enhances and remediates information security.
- 1.5 The Company responds promptly and with good faith to inquiries and requests in respect of personal information and its disclosure.
Established: October 1, 2019
Last updated: May 23, 2022
Nobuo Hayasaka
Representative Director
Kioxia Holdings Corporation
This Basic Policy applies to personal information held by the Company in Japan.
2. Intended Use of Personal Information
The main area of business in which the Company makes use of personal information is the semiconductor memory business.
The Company uses personal information for the following purposes:
- (1) Personal information related to customers
- (a) Provision of information on events
- (b) Responses to inquiries and requests for consultation
- (c) Performance of contracts
- (d) Business negotiations and meetings with customers
- (2) Personal information related to shareholders
- (a) Enforcement of rights and fulfillment of obligations under laws and regulations
- (b) Provisions made for shareholders (shareholder benefit programs, etc.)
- (c) Implementation of measures related to shareholders (surveys, etc.)
- (d) Shareholder management required by laws and regulations (preparation of shareholder data, etc.)
- (3) Personal information related to government officials and civil servants
- Contacts with, reports and inquiries, etc., to the competent authorities required for the execution of business
- (4) Personal information related to officers, employees of suppliers and other companies
- (a) Contacts, discussions and the like required for the execution of business
- (b) Management of information on suppliers and processing of payments and receipts by the Company
- (5) Personal information received under contracts with suppliers
- Performance of outsourcing contract
- (6) Personal information on applicants for employment
- (a) Contacts with and provision of recruitment information to applicants for employment (including internships)
- (b) Recruitment management at the Company
With respect to (3) and (4) above, personal information may be obtained through commercially available lists of the relevant personnel.
With respect to (5) above, the personal information is not, in principle, subject to disclosure.
When the Company obtains personal information in order to provide a service, the Company clearly indicates in advance the intended scope and purpose of use of the personal information, and makes use of the provided information within that stated scope and purpose of use.
In the event that a need arises to use the personal information for any purpose that goes beyond the stated scope and purpose, the Company gives notification to that effect, and obtains the individual's consent before making such use of the information. The Company uses personal information entrusted to it by other companies only within the terms of the contract it enters into with those companies.
3. Provision of Personal Information
- 3.1 The Company does not disclose personal information to third parties other than in the following cases.
- 3.1.1 When the individual has given prior consent to such disclosure
- 3.1.2 When required to do so in order to comply with laws and regulations
- 3.1.3 When disclosure is necessary for the protection of human life, human health or property, and it is difficult to obtain the consent of the individual
- 3.1.4 When the Company consigns the handling of personal information to a third party to the extent necessary to achieve the stated purpose of use
- 3.1.5 When another entity succeeds to the Company’s business as the result of a merger, corporate separation, transfer of business or other reason
- 3.2 When it is deemed that an inquiry can be more appropriately dealt with by subsidiaries of the Company, the name, address, telephone number and other information will be provided to subsidiaries of the Company, with the prior consent of the inquirer.
- 3.3 Supervision of Trustees
In using the personal information obtained, the Company may entrust the personal information to third parties within the approved scope of use. The third parties’ use of the personal information will be supervised as necessary and appropriate to ensure that the third parties manage the personal information in strict accordance with the same standards as the Company. The entrusted entities may also entrust the personal information to subcontractors within the approved scope of use, whose use of the information will be similarly supervised by these entrusted entities.
Agreements will be concluded stipulating careful management and supervision of the secrecy of the personal information, to ensure strict safety of the personal information.
- 3.4 Scope and purposes of jointly used personal information
Personal information may be jointly used by subsidiaries of the Company and business partners within the approved scope of use.
4. Retention period of personal information
The Company will retain the personal information for as long as necessary to fulfil the relevant purposes or to comply with legal obligations. The Company may then delete within a reasonable period of time, in a safe and secure manner.
5. Procedures for Requests for Disclosure
The Company responds to the following requests in respect of the personal information held by the Company: (1) Requests for disclosure; (2) Requests for notification of the intended purpose; (3) Requests for disclosure of third party provision records; (4) Requests for correction; (5) Requests for addition; (6) Requests for deletion; and (7) Requests for cessation of use or cessation of disclosure to third parties. Please contact us if you require further information on the details of the request procedures are as follows. Please note that we will charge a fee for requests for disclosure, requests for notification of intended use, and requests for disclosure of third party provision records.
- 5.1 Application for request for disclosure etc.
For requests for disclosure, etc., please attach the required documents to the prescribed request form and send them to the Company by mail. When you mail the request forms to the Company, please use simple registered mail or other method of delivery that allows tracking of delivery. In addition, it would be greatly appreciated if you could write "personal information request enclosed" in red on the envelope.
〒108-0023
Personal information protection office
Kioxia Holdings Corporation
1-21, Shibaura 3-Chome, Minato-ku, Tokyo
- 5.2 Written submission of request for disclosure, etc.
In the case of a request for disclosure, etc., please download the appropriate form indicated in (1), complete all the required sections, enclose the documents indicated in (2) to confirm your identity, and mail them to the address in 5.1 above.- (1) Company prescribed request form
- (a) For requesting disclosure of personal information, notification of intended use, or disclosure of third party provision records (fee required)
Request form: Personal information disclosure (PDF : 156KB) - (b) For requesting a correction, addition, deletion, suspension of use of personal information or suspension of provision to third parties (no fee required)
Request form: Personal information correction, etc. (PDF : 184KB)
* We only charge a fee for disclosure of personal information, notification of intended use, and disclosure of third party provision records.
No fee is required for correcting, adding, deleting, suspending use of personal information, or suspending provision to third parties.
- (a) For requesting disclosure of personal information, notification of intended use, or disclosure of third party provision records (fee required)
- (2) Documents to confirm identity
A copy of any one of the following:- (a) Driver's license
- (b) Health insurance certificate of insured person
- (c) Passport
- (d) Pension book
- (e) Basic Resident Registration Card
- (f) “My Number” Individual Number Card (only side with photograph)
- * We will send you an acknowledgment of receipt when we confirm the submission of the prescribed form and receipt of any required fee.
- (1) Company prescribed request form
- 5.3 Request for disclosure etc., via an agent
In the case of delegating an agent to request disclosure, etc., in addition to the documents indicated in (1) and (2) of the previous paragraph, please enclose the following documents.- (1) Company prescribed request form
- (a) Information about the agent (PDF : 155KB)
- (b) Power of attorney (PDF : 35KB)
The person on whose behalf the request is being made must stamp his or her name on the power of attorney and also attach a copy of the registration certificate of the stamp. If the agent is the legal representative of the person on whose behalf the request is being made, such as a parent or guardian, the power of attorney can be replaced with a copy of extract of the family register or a resident card that shows the relationship with the agent and the person on whose behalf the request is being made.
- (2) Documents to confirm the identity of the agent
A copy of any one of the following:- (a) Driver's license
- (b) Health insurance certificate of insured person
- (c) Passport
- (d) Pension book
- (e) Basic Resident Registration Card
- (f) “My Number” Individual Number Card (only side with photograph)
- (1) Company prescribed request form
- 5.4 Fees in respect of request for disclosure, notification of intended use, and third party provision records
Requests for disclosure of personal information, notice of intended use, and third party provision records are subject to a fee depending on the method of reply. Please enclose a postal service money order for the corresponding fee with the submitted documentation. The applicant is responsible for the cost of the purchase of the money order and the postage.
The fee per single request is as follows.- 1. Written document mailed
800 yen (incl. tax) - 2. Electromagnetic record stored media (DVD-R, CD-R etc.) mailed
900 yen (incl. tax) - 3. Electromagnetic record attachment emailed
350 yen (incl. tax) - * In cases where the fee is insufficient or where the fee is not enclosed, the Company will contact the person making the request, but if payment is not made within the prescribed period the Company will handle the request for disclosure / notification of intended use as if it had not been received.
- 1. Written document mailed
- 5.5 Method of response to requests for disclosure, etc.
A written reply, an electromagnetic record stored media, or an electromagnetic record attached email will be sent to the address stated on the request form of the person making the request.
- 5.6 Intended use of acquired personal information with regard to requests for disclosure, etc.
Personal information acquired in connecting with requests for disclosure etc. will be used only within the scope necessary for handling the request for disclosure etc. Documents submitted with the request will not be returned. Upon completion of the response to the request for disclosure etc., documents will be properly managed and disposed of.
* RE grounds for non-disclosure of personal information
In the cases detailed below, the Company is not able to respond to requests for disclosure etc. of personal information.
In cases where the Company decides not to make disclosure, the person making the request will be provided with a notification to that effect, and an explanation of the reason. It should be noted that the prescribed fee will be charged, even in cases of non-disclosure or non-notification of intended use.- ・Cases where the Company cannot confirm the identity of the person making the request, such as when the address on the request form or the address stated on the document used to confirm the identity of the person making the request does not match the address registered with the Company.
- ・Cases where the request is made via an agent but the power of attorney cannot be confirmed
- ・Cases where not all of the required documents are submitted
- ・Cases where the Company is unable to identify personal information from the content on the request form
- ・Cases where the subject of the request for disclosure does not fall within the definition of retained personal information referred to in Article 16, Paragraph 4 of the Act on the Protection of Personal Information
- ・Cases where there is a risk of causing harm to the life, body, property or other rights and interests of the person making the request or to a third party
- ・Cases where there is a risk of seriously hindering the proper implementation of the Company's business
- ・Cases that would cause other laws and ordinances to be violated
- 5.7 Revision
In order to protect personal information and respond to changes in laws and regulations, the Company may revise some of the content of the procedures for making requests for disclosure, etc. Please check these procedures every time you make a request for disclosure, etc.
6. Security control measures for personal information
The Company will take necessary and appropriate security control measures to prevent leakage, loss, or damage of personal information in its possession.
- 6.1 Organizational Security Control Measures
The person responsible for the handling of personal information shall be designated as the Chief Information Security Officer, and shall be responsible for and supervise the security of personal information of the Company. In addition, a reporting and communication system has been established in the event that any signs of leakage of personal information is detected.
We conduct periodic self-assessments of the status of personal information handling.
- 6.2 Human Security Control Measures
In addition to initial training for new employees, education is provided at least once a year to ensure that all employees understand the importance of personal information protection and management, as well as the handling of personal information.
- 6.3 Physical Security Control Measures
The Company implements entry restrictions and access control as necessary in areas where personal information is handled, as well as measures to prevent unauthorized persons from accessing personal information.
- 6.4 Technical Security Control Measures
The Company takes measures to prevent unauthorized access from external entities.
7. Inquiries Concerning Personal information
- 7.1 Inquiries and complaints concerning personal information should be directed to the department that received and registered the personal information.
- 7.2 Please contact the Company "Contact us" below if you have any inquiries concerning this privacy policy, or if you are uncertain which department received and registered your personal information.
8. Request to Children under 16 years of Age
Children under 16 years who provide personal information to the Company should do so only after obtaining the consent of a parent or guardian.
9. Notice regarding Websites Operated by the Company
- 9.1 Collection of personal information
When users using services offered by the Company have given prior agreement to cooperation with an external service managed by a third party, based on the scope of content agreed at the time such permission was granted, the Company will receive the personal information from the external service.
- 9.2 Intended uses
Personal information may be used for the purposes described in "2. Intended Use of Personal Information." Based on personal information received, responsible persons at the Company may contact users in connection with use for the abovementioned purposes.
The Company may also use personal information registered on the Company websites in combination with their browsing history on those websites.
Please note that some services provided by the Company (including the Company's website services) may not be available if the required personal information is not provided.
- 9.3 Communication Encryption
Transmission of personal information to the Company's website is protected by encryption technologies that include SSL (Secure Socket Layers) and TLS (Transport Layer Security).
Access to the Company websites may not be possible with a browser that does not support SSL or TLS, etc.
- 9.4 Outsourcing of handling of personal information
All or part of the handling of personal information may be outsourced or further entrusted to subcontractors, to the extent necessary for carrying out the purposes mentioned above.
- 9.5 Provision of Personal information
Personal information registered on the Company websites is shared with subsidiaries of the Company and business partners. In addition, personal information that is shared by the Company and subsidiaries of the Company and business partners will be stored and used in the countries and regions where business and sales are conducted.
- 9.6 Contact Support
The Company responds to inquiries by e-mail. Notwithstanding this, depending on the content, there are also cases where replies may be made in writing or by telephone or facsimile.
The Company cannot respond immediately to inquiries received on Saturdays, Sundays, public holidays, the New Year holidays and the Company’s own holidays. A response will be made on the next business day or after.
- 9.7 Use of cookies and web beacons
The Company uses cookies and web beacons in order to provide better services on its websites.
- 9.7.1 Use of cookies
Cookies are small text files that the website sends to your device for the purpose of keeping records. It identifies your device, typically your web browser, but it cannot identify you as an individual.
Some cookies are strictly necessary for a personalized user experience, and record your preferences (e.g. language used) as well as your activities (e.g. login status) on our website. Other cookies which are “not strictly necessary”, provide enhanced functionality, gather analytical data to improve performance, enable us or our advertising technology partners to deliver personalized advertisements by tracking you across the internet.
You can choose whether to allow us or third-parties (our advertising technology partners) to set cookies which are “not strictly necessary” via the cookie banner and settings provided on our website. However, not allowing some types of cookies may result in limited functionalities, such as loss of personalization functions.
- 9.7.2 Use of Web Beacons
Web beacons are a technology to capture the status of access from your computer, and to get statistics on the usage rate of specific web pages. Use of web beacons together with the above mentioned cookies makes it possible to obtain detailed statistical information. The Company websites use technologies such as web beacons for the purpose of obtaining statistical information that can be used to improve the websites.
- 9.7.1 Use of cookies
- 9.8 Notes for Links
The Company bears no responsibility for the security of personal information used on third party websites linked to from The Company websites. Please confirm the privacy policies of linked websites operated by other companies.
10.Information on important changes and notices
The Company posts details of important changes to and notices on personal information protection in the Announcements section.
11.Revisions
The Company may revise the Personal Information Protection Policy from time to time, in order to better protect personal information and to comply with changes in applicable laws and regulations.
12. “Contact Us” on Personal information Protection
Please contact us with any inquiries in respect of personal information protection:
Kioxia Holdings Corporation (Personal information protection office)
Address: 1-21, Shibaura 3-Chome, Minato-ku, Tokyo
E-mail address: kioxia-hldgs-privacy@kioxia.com
Established: October 1, 2019
Last updated: May 23, 2022