Hitachi Security Systems Inc. (hereinafter "we" or "us") and its subsidiaries take your privacy and the protection of your personal data very seriously.
SCOPE OF APPLICATION
This policy applies to the processing of personal data related to users of the website www.hitachi-systems-security.com
The present Privacy and Personal Data Protection Policy (hereinafter the "Policy") aims to inform you of the way Hitachi Systems Security Inc. processes your personal data collected through its website.
In order to offer you quality services, we need to have access to some of your personal data. We make sure to manage your personal data with all the necessary discretion and rigor in accordance with the legal and regulatory requirements in force.
By "Personal Data" we mean any information relating to an identifiable natural person or that, individually or in combination with other data, allows an individual to be identified.
By "Data Subject" we mean an identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
By "Processing" we mean all operations relating to personal data, including but not limited to: collection, use, disclosure, sharing, deletion, etc.
By "Purpose of processing" we mean the main purpose of the processing of personal data. The data is collected for a well-defined and legitimate purpose and is not further processed in a way that is incompatible with this initial purpose.
By "Controller" we mean the natural or legal person that which, alone or jointly with others, determines the purposes and means of the processing of personal data.
By "Processor" we mean the natural or legal person that processes personal data on behalf of the controller, e.g., in the course of providing a service or performance.
DETERMINATION AND LIMITATION OF THE PURPOSES FOR WHICH PERSONAL DATA ARE COLLECTED ON THE WEBSITE
The personal data we collect on our website are processed for specific purposes, determined before collection. These purposes are the following (non-exhaustive list):
Hitachi Systems Security Inc. strives to limit the collection of personal data to what is strictly necessary to accomplish the purposes for which they are collected. Rest assured that we will not disclose or use your personal data for purposes other than those originally intended, unless justified by an applicable legal basis, such as obtaining your consent or as provided by law.
In addition, as you will see in the Security Measures for Personal Data section, we limit access to your personal data to those who have the need and responsibility to access it for such a specific purpose.
COLLECTION OF PERSONAL DATA
For the purposes identified above, we need to collect your personal data as a Controller.
The categories of personal data we process are those you directly share with us:
A cookie is a small data file created by your browser and placed on your computer when you visit a website or web page. Cookies allow websites to remember certain information about you in order to facilitate your access and navigation of the Internet within our sites. Cookies can only be read by the website that sends them to your computer.
Deactivation of cookies
It is possible to prevent the personalization features of our site by disabling cookies on your browser. You can do this by changing the settings on your browser or mobile device.
However, if you choose to decline cookies, some pages or sections of our website may not display properly, or some features may not be available.
Hitachi Systems Security Inc. uses Google Analytics in order to analyze the browsing behavior of visitors to its website. This is a tool for analyzing the traffic and use of websites, which is provided by Google Inc. (Google). The data collected by Google Analytics is used to analyze the use of the Hitachi Systems Security Inc. website and to produce statistical reports on visitor activities. For more details about Google Analytics: https://policies.google.com/privacy?hl=fr-CA.
Use of reCAPTCHA in our website form
Links to sites
It is important to understand that this Policy does not apply to other third-party websites that may be accessed through links on our website. We are not responsible for these third-party websites, their content or access to them. Therefore, any personal data you share through these sites is subject to the privacy policies of those sites. It is your responsibility to read their privacy policies to ensure the protection of your personal data.
LICEITY OF PROCESSING (CONSENT)
As a general rule, Hitachi Systems Security Inc. will obtain the personal data directly from you, with your consent, subject to exceptions provided by the applicable laws such as a legal obligation, the existence of a contractual relationship or Hitachi Systems Security Inc.’s legitimate interest.
Under the same conditions, we may also collect personal data from third parties as permitted by applicable laws, or if we have obtained your consent.
You have the right to refuse to provide us with personal data that is not required for identified processing activities. You also have the right, subject to reasonable notice and applicable legal or contractual restrictions, to withdraw your consent to the use of personal data already collected by contacting our Data Protection Officer (contact information available in section Requests, Complaints and/or Comments).
As part of our activities, Hitachi Systems Security Inc. could disclose your personal data to third parties, which includes third party service providers whose services relate to our website (hosting, security, etc.). The personal data provided is then limited to only the data necessary for them to perform their services. The protection of your personal data is requested for all our suppliers to preserve the confidentiality of this data.
HISYS-SEC will not sell or exchange your personal data at any time.
Personal data is retained only for as long as necessary for the purposes set out in the Policy and to ensure compliance with applicable laws.
In addition, your personal data may be stored in Canada or abroad. In such cases, we ensure that the adequate security measures and contractual agreements are in place to protect your personal data.
SECURITY MEASURES FOR PERSONAL DATA
Hitachi Systems Security Inc. strives to apply the necessary and appropriate security measures to ensure the protection of personal data in its possession. To do this, we follow the accepted standards in the industry. The personal data that we hold are therefore only accessible to recipients who have the right to know about them and who consult them only in the performance of their duties.
Appropriate physical, technical and/or administrative safeguards and security measures have been put in place and are maintained to prevent accidental or unlawful destruction, accidental loss, unauthorized disclosure or access. To achieve this goal, we ensure that we restrict access to our offices and computer equipment, train our staff and require our agents and suppliers of goods and services with access to personal data to sign confidentiality agreements and implement equivalent security measures.
INTERNATIONAL PERSONAL DATA TRANSFER
Hitachi Systems Security Inc. sometimes uses service providers located outside of Canada to perform specific mandates in the normal course of business. As such, some of your personal information may be transferred to another country and be subject to the laws of that country.
We do, however, ensure that the personal data in our custody is protected, including personal data that is entrusted to a supplier, whether located in Canada or abroad.
Our privacy policies and practices require a commitment from our service providers to meet their obligation to maintain the confidentiality and security of the personal data entrusted to them. This includes a requirement to implement effective security measures, but also a prohibition on disclosure of your personal data to others.
RIGHTS OF THE DATA SUBJECT
Right of access and to rectification
You can request access to your personal data, or information on how we process your personal data. You can also ask that the data held by Hitachi Systems Security Inc. be rectified if they were inaccurate, ambiguous or incomplete.
Right to erasure ("Right to be forgotten")
You have the right to obtain from Hitachi Systems Security Inc. the erasure of your personal data as soon as possible. The right to erasure will not apply to the extent that the processing is necessary, in particular:
(a) the exercise of the right to freedom of expression and information,
(b) for research or statistical purposes,
(c) the exercise or defense of legal rights.
Right to restriction of processing
You have the right to obtain from Hitachi Systems Security Inc. restriction of processing where one of the following applies:
(a) for a period enabling Hitachi Systems Security Inc. to verify the accuracy of the personal data contested by the data subject,
(b) the processing is unlawful and you are opposed to the erasure of your personal data, you request the restriction of their use instead,
(c) Hitachi Systems Security Inc. no longer needs the personal data for the purposes of the processing, but you request them for the establishment, exercise or defence of legal claims,
(d) you have objected to processing pending the verification whether the legitimate grounds of Hitachi Systems Security Inc. override yours.
Where processing has been restricted, personal data is only processed, with the exception of storage, with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for important reasons of public interest of a public authority empowered by law.
You have the right to receive the personal data you have provided to Hitachi Systems Security Inc., in a structured, commonly used, and machine-readable format, and you have the right to transmit those data to another controller without us impeding it. This right applies when the processing is based on your consent and the processing is carried out using automated processes.
You can object, at any time, for reasons related to your particular situation, to the processing of your personal data. Hitachi Systems Security Inc. will no longer process your personal data unless it can demonstrate that there are legitimate reasons for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Automated individual decision, including profiling
You may request not to be subject to a decision based exclusively on automated processing, including profiling, unless the decision is:
(a) necessary for entering into or performance of a contract between you and Hitachi Systems Security Inc.,
(b) authorized by the law to which Hitachi Systems Security Inc. is subject and which also lays down suitable measures to safeguard your rights, freedoms, and legitimate interests,
(c) based on your explicit consent.
REQUESTS, COMPLAINTS AND/OR COMMENTS
To submit a request for access or rectification, exercise any applicable right, file a complaint, obtain information on our policy or send us comments, we invite you to contact our Data Protection Officer:
General Data Protection Regulation (GDPR) – EU Representative
Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Hitachi Systems Security Inc. has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:
UK General Data Protection Regulation (UK GDPR) - UK Representative
Pursuant to Article 27 of the UK GDPR, Hitachi Systems Security Inc. has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:
The content of our website may change at any time. Therefore, this Policy may be subject to change from time to time in the future. We recommend that you review it each time you visit our website to stay informed about how we handle personal data.
 GDPR, Art 6 and 7