1. Home
  2. Privacy Notice
  3. Handling of Personal Information

Handling of Personal Information

Olympus* recognizes the importance of protecting personal information in the network society and believes that it is Olympus’s social responsibility to protect personal information thoroughly. Olympus will handle personal information properly in accordance with the below “Olympus group personal information protection policy”.

*”Olympus” in the context of ”handling of personal information” carries the meaning of Olympus and its group companies.

Issue date 1 April 2022
Latest revision: 1 April 2024

  • Olympus Group personal Information protection policy

    1.Implementation of internal measures

    Olympus has implemented internal measures to protect all personal information. All Olympus directors and employees receive training and communication accordingly. To ensure proper implementation of necessary measures to protect personal information, inspections are conducted on a regular basis.

    2.Proper Handling of Information

    Olympus will acquire personal information only within the scope necessary and informs the principal about the purpose of use at the time of collection. In addition, Olympus handles personal information only within the scope necessary and will respond to a principal’s request for disclosure, rectification, deletion or cease of use of his or her personal information swiftly to and to a reasonable extent. Furthermore, Olympus handles specific personal information only within the scope permitted by law.

    3.Limitation of Disclosure and Provision of Personal Information to Third Parties

    Unless consent of the principal is obtained, or otherwise permitted by law, Olympus will not disclose or otherwise provide retained personal information to third parties.
    Furthermore, unless permitted by law, Olympus will not disclose or provide specific personal information to any third party, regardless of whether the principal’s consent has been obtained or not.
    In cases in which Olympus is outsourcing a business activity, Olympus will enter into a contract with the outsourcing partner that includes obligations to properly handle personal information. In addition, Olympus will perform sufficient supervision and instructions towards the outsourcing partner.

    4.Ensuring Accuracy and Safety

    Olympus strives to maintain accurate and up-to-date retained personal information and takes appropriate security measures against risks such as unauthorized access to personal information, loss, destruction and falsification, and leakage of personal information.

    5.Compliance with Laws and Regulations, and Continuous Improvements

    Olympus obeys to laws, regulations, and standards applicable to the protection of personal information, and strives to review and make continuous improvements to the above-mentioned measures.

Declarations as stipulated in the Act on the Protection of Personal Information

Olympus hereby declares the following information as stipulated in the Act on the Protection of Personal Information.

  • 1. Personal information handling business operators
    Personal information handling business operators Address Representative
    Olympus Corporation 2951 Ishikawa-machi, Hachioji-shi, Tokyo 192-8507 Stefan Kaufmann
    Olympus Medical Systems Corp. 2951 Ishikawa-machi, Hachioji-shi, Tokyo 192-8507 Tomohisa Sakurai
    Olympus Marketing Corp. 2951 Ishikawa-machi, Hachioji-shi, Tokyo 192-8507 Isao Kobayashi
    Nagano Olympus Co., Ltd. 6666 Inatomi, Tatsuno-machi, Kamiina-gun, Nagano 399-0495 Tatsuya Honda
    Aizu Olympus Co., Ltd. 3-1-1 Niiderakita, Aizuwakamatsu-shi, Fukushima 965-8520 Tomoaki Kabayama
    Aomori Olympus Co., Ltd. 2-248-1 Okkonoki, Kuroishi-shi, Aomori 036-0357 Hiroaki Hosoi
    Shirakawa Olympus Co., Ltd. 3-1 Oaza-Odakura-Aza-Okamiyama, Nishigo-mura, Nishishirakawa-gun, Fukushima 961-8061 Seiji Morishita
    TmediX Corporation Shinjuku Monolith, 2-3-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo 163-0914 Keisuke Fujii
    Olympus Terumo Biomaterials Corp. Daiwa Sasazuka Tower, 1-50-1 Sasazuka, Shibuya-ku, Tokyo 151-0073 Manabu Ishikawa
    Olympus-Supportmate Corp. 2951 Ishikawa-machi, Hachioji-shi, Tokyo 192-8507 Kumi Tatsuta
  • 2. Utilization purpose of personal information

    Olympus will utilize acquired personal information for the purposes stated below.

    In cases where, by means of contract or other notifications, we have specified separate utilization purposes, said utilization purposes will take precedence over those stated below.

    Regardless of the utilization purposes stated below, there might be further utilization cases to the extent laws permits.

    Subject to acquisition Utilization purpose
    (1) Personal information of customers and medical personnel
    • Provision of information related to arrangement and shipment of products and services
    • Sales of products, their repair and maintenance and inspection as well as provision of after sales services, management of inquiries
    • Notification and performance of seminars, academic conferences, exhibitions, events, contests, campaigns, trainings, and other activities hosted, co-hosted or sponsored by an Olympus Group company or in which Olympus has a display or is giving a presentation
    • Planning, research, development and marketing of products
    • Access control and access history management of facilities managed by Olympus
    • Performance of negotiations, meetings and other communications with customers
    • Handling and documentation of all inquiries, requests for materials and other customer services
    • Handling of all payment procedures
    • Performance of investigations and documentation, as well as reports to government institutions as required by law and other legal ordinances.
    (2) Personal information of business partners’ and legal entities’ affiliated personnel
    • Performance of negotiations, meetings, communication and other interactions with business partners as well as provision of information thereto
    • Performance of business operations commissioned to Olympus by business partners
    • Invoicing and management of business affairs between Olympus and business partners
    • Access control and access history management of facilities managed by Olympus
    • History management of education provided by Olympus
    • Performance of investigations and documentation, as well as reports to government institutions as required by law and other legal ordinances.
    (3) Personal information of shareholders
    • Exercise of rights and obligations under corporate law
    • Provision of benefits to the shareholder in accordance with his/her position as a shareholder
    • Performance of measures to maintain a smooth the relationship between the shareholders and Olympus, in terms of the members of the association and the association itself
    • Performance of shareholder management as stipulated by law, such as management of shareholders, preparation of shareholder data etc.
    (4) Personal information of job applicants (incl. interns)
    • Selection of candidates, provision of information and interview results
    • Performing operations related to the recruitment process
    • Management of recruitment operations
    (5) Personal information of directors and employees (incl. their families and relatives, and retirees)
    • Business-related communication and procedures
    • Communication with corporate health insurance associations, corporate pension funds and labor unions, as well as Among Olympus group companies
    • Performance of investigations and documentation, as well as reports to government institutions as required by law and other legal ordinances.
    • Operations related to human resources and labour management
    • Further utilization as stipulated in internal policies.
    (6) Personal information patients
    • Performance of investigations and documentation, as well as reports to government institutions as required by law and other legal ordinances.
  • 3. Provision of personal information to third parties

    Except for the instances stated below, Olympus will not share any personal information with third parties.

    • Consent has been provided by the individual
    • The information is provided to contractors or other parties to the extent necessary to achieve the utilization purposes
    • Mergers or other cases of business succession
    • Joint utilization as stipulated in chapter “4. Joint utilization of personal information”
    • In urgent cases that require the protection of the life, body, or property of an individual, as well as other cases permitted by the Act on the Protection of Personal Information (APPI)
    • To the extent permitted by other laws and regulations

    Supervision of entrusted parties (outsourcing)

    In cases where business activities are entrusted to other parties, Olympus ensures sufficient supervision and instructions, incl. conclusion of contracts that stipulate the appropriate handling of personal information.

    Provision of personal information to foreign countries

    Personal information acquired by Olympus might be processed by Olympus or entrusted parties in other countries or regions such as Europe, America, China, etc.
    In such cases, privacy regulations of the specific country or region will apply. For an evaluation of privacy regulations, kindly refer to the official website of the Personal Information Protection Commission website open in new window (Japanese only).
    In cases where Olympus provides personal information to Olympus or entrusted parties outside of Japan, Olympus will implement sufficient measures to protect personal information to the extent required by Japanese and foreign privacy law.

  • 4. Joint utilization of personal information

    (1) Olympus

    Olympus might jointly utilize acquired personal information with other Olympus group entities.

    (a) Categories of personal information utilized jointly
    Examples include name and contact information (company name, department name, job title, address, telephone number, fax number, e-mail address, purchase history, inquiry and request history) etc.

    * When sharing personal information other than the above, the principal will be separately notified either directly or in the form of an announcement.

    (b) Scope of joint utilization
    All Olympus group entities
    (c) Utilization purpose
    To fulfill the services provided to individuals and to fulfill the purposes that have been notified or published.
    (d) Entity responsible for joint utilization
    Olympus Corporation
    (For the representative and address, kindly refer to chapter “1. Personal information business handling operators”)

    (2) Corporate health insurance association, corporate pension funds and Labor unions

    (a) Categories of personal information utilized jointly
    Personal information of employees, retirees and their family members (e.g., employee number, name, sex, birth date, date of employment, department, employment status, personnel treatment data necessary for labor-management consultations) in the possession of each party, as well as other data necessary for the achievement of the utilization purposes.
    (b) Scope of joint utilization
    Information shall be jointly utilized among corporate health insurance associations, corporate pension funds and labor unions.
    (c) Utilization purpose
    • Appropriate management of employees, retirees and their families
    • Communication, notification and provision of information to the individual
    • Use as basic data for labor-management affairs (negotiations) on wages and other labor conditions of the individual
    • Smooth implementation of appropriate measures among joint parties in the event of disasters or emergencies relating to Olympus or the individual
    • Performance of practical operations relating to welfare programs offered by joint parties
    (d) Entity responsible for joint utilization
    Olympus Corporation
    (For the representative and address, kindly refer to chapter “1. Personal information business handling operators”)

    (3) Nihon Ultmarc Inc.

    Olympus Corporation, Olympus Marketing Corporation, Olympus Terumo Biomaterials Corporation and TmediX Corporation handle the "Medical Database (MDB)", a database of basic information on healthcare professionals and medical institutions nationwide provided by Nihon Ultmarc Inc., jointly with certain healthcare-related companies.

    Please refer to Nihon Ultmarc's website for the utilization purpose of personal information and other details.

    個人情報の共同利用について | 株式会社日本アルトマーク / Nihon Ultmarc INC. opens in new window

  • 5. Technical and organizational security measures

    Establishment of basic policy

    • For handling personal information appropriately, Olympus established a basic policy including topics such as “implementation of an internal system”, “proper handling information”, “limitation of disclosure and provision of personal information to third parties”, “ensuring accuracy and safety”, “compliance with laws and regulations, and continuous improvements”.

    Establishment of rules for handling personal information

    • Olympus has established a policy covering stages and performance of activities such as acquisition, use, storage, provision, deletion/disposure of personal information. Relevant managers in charge are stipulated as well.

    Organizational security control measures

    • Olympus appointed a responsible staff/managers in charge of supervising the handling personal information Roles and responsibilities are clearly defined.
    • Olympus has implemented appropriate processes to promptly respond to (potential) incidents.
    • Olympus has established measures to ensure transparency over data processing activities.
    • Olympus periodically checks the status of handling personal information.

    Personnel-related security measures

    • Olympus regularly educates the directors and the employees on security control measures related to protection of personal information.
    • Regular communication as well as events and campaigns to promote awareness.
    • Items related to the confidentiality of personal information are stipulated in internal rules etc.

    Physical security control measures

    • Appropriate access control is implemented for employees in areas where personal information is handled.
    • When carrying personal information, encryption and password protection are used to prevent leakage etc.
    • When documents or electronic media containing personal information are disposed of, they are done so in a manner that makes them unrecoverable.
    • Deployment of security personnel to protect premises

    Technical security control measures

    • Access controls are in place to limit the access to personal information only persons necessary.
    • Olympus has established measures to protect personal information handling systems from unauthorized access and malicious software.

    Security control measures for entrusted parties

    • Rules in place for selection of adequate parties that handle personal information.
    • Contracts etc. in place between Olympus and entrusted parties that stipulate handling of personal information based on Olympus standards.
  • 6. Disclosure of personal information

    Olympus is ready to respond to individuals’ requests (incl. such, filed by the principal’s agent) for disclosure※1 of the individuals retained personal information.
    For individuals who have registered through any websites, there might already be an inquiry function that can be used to make the request directly via that website.

    ※1 Disclosure etc. includes: disclosure, rectification, addition, deletion, cease of use, erasure, cease of third-party provision of the principal’s personal information, disclosure of records of third party provision, and notification of purpose of use.

    Request form

    Kindly download the form below and fill in the necessary information.
    Documents to submit
    • 1. Disclosure request form
    • 2. Identification for verification that the Personal Information in question does indeed pertain to the individual who is making said request (Either (1) or (2) must be provided)
      • Copy of a valid drivers' license or a valid passport: One copy
      • Copy of pension card or health insurance card together with certificate of residence: One set
    • 3. Fee (Only requests regarding utilization purpose and disclosure) 1,600 Yen / company (in fix-amount postal money order)
    Requests via agent

    If the demand is filed by an agent, the following must be submitted, in addition to the documents specified in (1) through (3) above:

    • 1. For agents with Power of Attorney:
      Documents providing evidence that the party making the request has Power of Attorney from the person to whom the personal information relates (Both (1) and (2) below must be submitted).
      • Power of Attorney (with the seal of the grantor): 1x
      • Certificate of a Grantor incl. seal: 1x
    • 2. For statutory agent:
      • Document providing evidence that the said agent is legally entitled to represent the individual in question: 1x
    Address

    Personal Information Inquiry Desk HR HRIS operations site operation & planning
    Olympus Corporation
    Shinjuku Monolith, 2-3-1 Nishi-Shinjuku
    Shinjuku-ku, Tokyo
    163-0914
    Disclaimer
    • Kindly send the request/documents via a method that is traceable.
    • After all necessary processes at Olympus have been performed, a reply will be made via registered mail or e-mail. Olympus will reply within three weeks upon receival of the request. In cases that take more time, Olympus will inform the individual.
    • For requests regarding the utilization purpose and disclosure of personal information, kindly enclose 1,600 Yen in the envelope (fix-amount postal money order).
      (1,600 Yen per request)
    • Only fix-amount/postal money order is accepted
    • In cases where Olympus may legally not be able to handle your request or where no retained personal information exist, the individual will be informed via e-mail or post. (Kindly understand that the fee will not be refunded).
    • In cases of lack of information on part of the requestee, Olympus will contact said individual. If no further reply was received within 1 month thereof, the request will be dismissed.
    • The personal information received in relation to the request will only be used to fulfill said request and not returned.
  • 7. Provision of anonymously processed information

    Olympus will utilize anonymously processed information as stipulated in the Act on the Protection of Personal Information and other guidelines and laws for the purposes of promotion and extension of health/life expectancy.

    Provision of anonymously processed information

    Provided information that incl. categories related to individuals Provision method Entities providing anonymously processed information
    • Patient-related information(age, gender)
    • Information regarding the surgery (disease name, surgical method, duration of surgery, and the amount of intraoperative blood loss. However, disease name and surgical procedures that can identify specific individuals are not included)
    • Information regarding the physician who performs the surgery (Years of experience, certified physician or not etc. However, physician name and facility name are not included)
    • Video information of and related to recordings endoscopic surgery
    		 Password-encrypted digital files, shared via portable device or highly encrypted cloud storage. Olympus Corporation
    Olympus Medical Systems Corp.
    • Endoscopic images, names of internal organs, lesions, organ cleansing, past treatments, pathological results
    • Physician’s observations regarding specific lesions
    		 Highly encrypted secure storage Olympus Medical Systems Corp.
    • Endoscopic images, names of internal organs, lesions, organ cleansing, past treatments, pathological results
    • Physician’s observations regarding specific lesions
    		 Password-encrypted digital files, shared via portable device or highly encrypted cloud storage. Olympus Medical Systems Corp.
  • 8. Inquires on handling of personal information

    Any inquiries regarding Olympus’ handling of personal information or anonymously processed information can be sent to the e-mail address below:

    privacy@olympus.com

    Any personal information provided by the individual in relation to the inquiry will only be used by Olympus to the extent needed to fulfill the request.

  • 9. Other information

    Olympus may have additional stipulations within a specific business activity or services.
    Olympus may change or amend the policy for “Handling of Personal Information” in accordance with any changes of the Act on the Protection of Personal Information, including any of the above publications or processes, without prior notice.

  • 10. Change history
    Date Content changed
    1 April 2024 Adjustment of representatives due to corporate changes.
    1 April 2023
    • Adjustment of representatives due to corporate changes.
    • Adjustments regarding the provision of personal information to third parties without consent. Also, information on cross-border transfers and security measures for entrusted parties have been added.
    • Additions to technical and organizational measures.
    • Addition of current provision of anonymously processed information.
    • Change to one single e-mail address for inquires.
    • General overhaul for easier readability.
    • Merged contents from prior recruiting page with this page.
    • Change log created and published as of 1st April 2023.
    1 April 2022 Addition of addresses of the personal information handling business operators as well as names of their representatives as stipulated in the latest revision of the APPI.
    Addition of technical and organizational security measures as stipulated in the latest revision of the APPI.