Handling of Personal Information

Issue date 1 April 2022

Olympus* recognizes the importance of protecting personal information in the network society and believes that it is Olympus’s social responsibility to protect personal information thoroughly. Olympus will handle personal information properly in accordance with the below “Olympus group personal information protection policy”.

*”Olympus” in the context of ”handling of personal information” carries the meaning of Olympus and its group companies.

  • Olympus Group personal Information protection policy

    1.Implementation of an Internal System

    Olympus implements internal systems for the protection of personal information and educates all of its directors and employees to enable proper handling of personal information. In addition, to ensure that initiatives to protect personal information are being effectively implemented, Olympus is performing regular checks.

    2.Proper Handling of Information

    Olympus will acquire personal information only within the scope necessary and informs the principal about the purpose of use at the time of collection. In addition, Olympus handles personal information only within the scope necessary and will respond to a principal’s request for disclosure, rectification, deletion or cease of use of his or her personal information within a reasonable time frame. Furthermore, Olympus handles specific personal information only within the scope permitted by law.

    3.Limitation of Disclosure and Provision of Personal Information to Third Parties

    Unless consent of the principal is obtained, or otherwise permitted by law, Olympus will not disclose or otherwiseprovide retained personal information to third parties.
    Furthermore, unless permitted by law, Olympus will not disclose or provide specific retained personal information to any third party, regardless of whether the principal’s consent has been obtained or not.
    In cases in which Olympus is outsourcing a business activity, Olympus will enter into a contract with the outsourcing partner that includes obligations to properly handle personal information. In addition, Olympus will perform sufficient supervision and instructions towards the outsourcing partner.

    4.Ensuring Accuracy and Safety

    Olympus strives to maintain accurate and up-to-date retained personal information, and take appropriate security measures against risks such as unauthorized access to personal information, loss, destruction and falsification, and leakage of personal information.

    5.Compliance with Laws and Regulations, and Continuous Improvements

    Olympus shall comply with laws, regulations and standards applicable to the protection of personal information and review and make continuous improvements to the above-mentioned measures.

Public Announcement Pursuant to the Act on the Protection of Personal Information

Olympus hereby publishes the following information pursuant to the Act on the Protection of Personal Information.

  • Personal information handling business operator
    Personal information handling business operator Address representative
    Olympus Corporation Shinjuku Monolith, 2-3-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo 163-0914 Yasuo Takeuchi
    Olympus Medical Systems Corp. 2951 Ishikawa-machi, Hachioji-shi, Tokyo 192-8507 Tomohisa Sakurai
    Olympus Marketing Corp. Shinjuku Monolith, 2-3-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo 163-0914 Koji Ando
    Nagano Olympus Co., Ltd. 6666 Inatomi, Tatsuno-machi, Kamiina-gun, Nagano 399-0495 Tatsuya Honda
    Aizu Olympus Co., Ltd. 3-1-1 Niiderakita, Aizuwakamatsu-shi, Fukushima 965-8520 Kenji Matsuoka
    Aomori Olympus Co., Ltd. 2-248-1 Okkonoki, Kuroishi-shi, Aomori 036-0357 Tomoaki Kabayama
    Shirakawa Olympus Co., Ltd. 3-1 Oaza-Odakura-Aza-Okamiyama, Nishigo-mura, Nishishirakawa-gun, Fukushima 961-8061 Kenichi Katagiri
    TmediX Corporation Shinjuku Monolith, 2-3-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo 163-0914 Keisuke Fujii
    Olympus Digital System Design Corp. 8F Nihon-Seimei Tachikawa Bldg., 2-20-5 Akebono-cho, Tachikawa-shi, Tokyo 190–0012 Akio Yoshioka
    Olympus Terumo Biomaterials Corp. Daiwa Sasazuka Tower, 1-50-1 Sasazuka, Shibuya-ku, Tokyo 151-0073 Hiroshi Hashimoto
    Olympus-Supportmate Corp. 2951 Ishikawa-machi, Hachioji-shi, Tokyo 192-8507 Kumi Tatsuta
    Evident Corporation Shinjuku Monolith, 2-3-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo 163-0914 Yoshitake Saito
    Evident Nagano Corporaiton 6666 Inatomi, Tatsuno-machi, Kamiina-gun, Nagano 399-0495 Kenichi Koyama
  • Utilization purpose of Personal Information

    Olympus acquires the personal information acquired for the utilization purposes below.

    (1) Personal information of customers

    • Shipment, arrangement and provision of information relating to products and services
    • Sale, repair and inspection of products; provision of after sales services
    • Notification and performance of seminars, academic conferences, exhibitions, events, contests, campaigns and other activities hosted, co-hosted or sponsored by an Olympus Group company or in which Olympus has a display or is giving a presentation
    • Planning, research, development and marketing of products
    • Access control and access history management of facilities managed by Olympus
    • Performance of negotiations, meetings and other communications with customers
    • Handling and documentation of various inquiries, requests for materials and other customer services
    • Performance of investigations and documentation, as well as reports to government institutions as required by law and other legal ordinances.

    (2) Personal information of business partners

    • Performance of negotiations, meetings, communication and other interactions with business partners as well as provision of information thereto
    • Performance of business operations commissioned to Olympus by business partners
    • Access control and access history management of facilities managed by Olympus
    • History management of education provided by Olympus
    • Performance of investigations and documentation, as well as reports to government institutions as required by law and other legal ordinances.

    (3) Personal information of shareholders

    • Exercise of rights and obligations under corporate law
    • Provision of benefits to the shareholder in accordance with his/her position as a shareholder
    • Performance of measures to maintain a smooth the relationship between the shareholders and Olympus, in terms of the members of the association and the association itself
    • Performance of shareholder management as stipulated by the relevant laws, such as management of shareholders, preparation of shareholder data etc.

    (4) Personal information of job applicants

    • Provision of job information (including internships) to applicants, and execution of operations related to recruitment activities
    • Recruitment operation management

    (5) Personal information of employees

    Olympus uses personal information of present and former directors and employees, their families and relatives, f for the following utilization purposes.

    • Business-related communication and procedures
    • Communication with corporate health insurance associations, corporate pension funds and labor unions, as well as Among Olympus group companies
    • Performance of investigations and documentation, as well as reports to government institutions as required by law and other legal ordinances.Execution of personnel and labor management operations

    (6) Personal information of patients

    • Performance of investigations and documentation, as well as reports to government institutions as required by law and other legal ordinances.

    In case further utilization of personal information by Olympus due to direct notification, contracts or other means, those utilization will overrule the one listed above.

  • Provision of personal information to third parties

    Olympus will not provide personal information provided by customers etc. to third parties with exceptionto the following cases:

    • The customer etc. has provided consent
    • The information is provided to contractors or other parties to the extent necessary to achieve the utilization purposes indicated to the customer, etc.
    • Provision is permitted by law or other ordinances or regulations.
    • Provision or disclosure is urgently required to protect the life, body or assets of a person

    In cases in which Olympus is outsourcing a business activity involving personal information, Olympus will enter into a contract with the outsourcing partner that includes obligations to properly handle personal information. In addition, Olympus will perform sufficient supervision and instructions towards the outsourcing partner.

  • Joint utilization of personal information

    (1) Olympus group

    Olympus Group may jointly utilize retained personal information among all group companies.

    (a) Categories of personal information utilized jointly
    Examples include name and contact information (company name, department name, job title, address, telephone number, fax number, e-mail address, purchase history, inquiry and request history) etc.

    * When sharing personal information other than the above, the principal will be separately notified either directly or in the form of an announcement.

    (b) Scope of joint utilization
    Olympus Group companies.
    (c) Utilization purpose
    To fulfill the services provided to Olympus customers and to fulfill the purposes that have been notified or published.
    (d) Entity responsible for joint utilization
    Olympus Corporation

    (2) Corporate health insurance association, corporate pension funds and Labor unions

    (a) Categories of personal information utilized jointly
    Personal information of employees, retirees and their family members (e.g., employee number, name, sex, birth date, date of employment, department, employment status, personnel treatment data necessary for labor-management consultations) in the possession of each party, as well as other data necessary for the achievement of the utilization purposes.
    (b) Scope of joint utilization
    Information shall be jointly utilized among corporate health insurance associations, corporate pension funds and labor unions.
    (c) Utilization purpose of joint utilization
    • Appropriate management of employees, retirees and their families
    • Communication, notification and provision of information to the principal
    • Use as basic data for labor-management affairs (negotiations) on wages and other labor conditions of the principal
    • Smooth implementation of appropriate measures among joint parties in the event of disasters or emergencies relating to Olympus or the principal
    • Performance of practical operations relating to welfare programs offered by joint parties
    (d) Entity responsible for joint utilization
    Olympus Corporation

    (3) Nihon Ultmarc Inc.

    Olympus Corporation, Olympus Marketing Corporation, Olympus Terumo Biomaterials Corporation and TmediX Corporation handle the "Medical Database (MDB)", a database of basic information on healthcare professionals and medical institutions nationwide provided by Nihon Ultmarc Inc., jointly with certain healthcare-related companies.

    Please refer to Nihon Ultmarc's website for the utilization purpose of personal information and other details.

    個人情報の共同利用について | 株式会社日本アルトマーク / Nihon Ultmarc INC. opens in new window

  • Security control measures for personal information

    Establishment of basic policy

    • For handling personal information appropriately, Olympus established a basic policy including topics such as “implementation of an internal system”, “proper handling information”, “limitation of disclosure and provision of personal information to third parties”, “ensuring accuracy and safety”, “compliance with laws and regulations, and continuous improvements”.

    Establishment ofrules for handling personal information

    • Olympus has established a policy covering stages and performance of activities such as acquisition, use, storage, provision, deletion/disposure of personal information. Relevant managers in charge are stipulated as well.

    Organizational security control measures

    • Olympus appointed a responsible staff/managers in charge of supervising the handling personal information Roles and responsibilities are clearly defined.
    • Olympus has implemented appropriate processes to promptly respond to (potential) incidents.
    • Olympus has established measures to ensure transparency over data processing activities.
    • Olympus periodically checks the status of handling personal information.

    Human-related security control measures

    • Olympus regularly educates the directors and the employees on security control measures related to protection of personal information.
    • Items related to the confidentiality of personal information are stipulated in internal rules etc.

    Physical security control measures

    • Appropriate access control is implemented for employees in areas where personal information is handled.
    • When carrying personal information, encryption and password protection are used to prevent leakage etc.
    • When documents or electronic media containing personal information are disposed of, they are done so in a manner that makes them unrecoverable.

    Technical security control measures

    • Access controls are in place to limit the access to personal information only persons necessary.
    • Olympus has established measures to protect personal information handling systems from unauthorized access and malicious software.
  • Disclosure etc. of personal information

    Olympus is ready to respond to principal’s requests incl. such, filed by the principal’s agent) for disclosure etc. *1 of the principal’s retained personal Information.

    Olympus generally accepts requests in writing only, so that Olympus can effectively verify your identity. You may initiate the request process by printing out and completing the appropriate forms provided below. You may submit the completed form together with your identification (plus the appropriate fee if the request is for disclosure to your personal Information or notification of use of purpose) to the personal Information Inquiry desk by mail. Olympus will, upon receipt, forward the request to the concerned company for necessary procedures, and will reply to you by certified mail or e-mail*2.

    *1: Disclosure etc. includes: disclosure, rectification, addition, deletion, cease of use, erasure, cease of third-party provision of the principal’s personal information, disclosure of records of third party provision, and notification of purpose of use. *2: Olympus will send a reply within three weeks after the receipt of your request. Olympus will notify you it needs more than three weeks for investigation.

    Request form

    Please download and complete the appropriate form below:

    Document you need to submit

    • 1. Request form
    • 2. Identification for verification that the Personal Information in question does indeed pertain to the individual who is making said request (Either (1) or (2) must be provided)
      • (1) Copy of a valid drivers' license or a valid passport: One copy
      • (2) Copy of pension card or health insurance card together with certificate of residence: One set
    • 3. Fee (Only requests regarding utilization purpose and disclosure) 1,600 Yen / company (in fix-amount postal money order)

    Request via agent

    If the demand is filed by an agent, the following must be submitted, in addition to the documents specified in (1) through (3) above:

    For agents with Power of Attorney:

    • Documents providing evidence that the party making the request has Power of Attorney from the person to whom the personal information relates (Both (1) and (2) below must be submitted).
      • (1) Power of Attorney (with the seal of the grantor): 1x
      • (2) Certificate of a Grantor incl. seal: 1x

    For statutory agent:

    • Document providing evidence that the said agent is legally entitled to represent the individual in question_ 1x
      • Please enclose fixed-amount postal money order in the amount of 1,600 yen only if you wish to file a request regarding the utilization purpose or request for disclosure. (1,600 yen / company)
      • We do not accept any form of payment other than fixed-amount money orders.

    If we are unable to comply with your request under the provisions of the law, or if we are not in possession of the Personal Information you have requested, a reply to that effect will be mailed to you (the Fee will not be refunded)

    If your request lacks particular information or documents, the personal Information Inquiry Desk will contact you. If you are not able to provide the necessary corrections or deliver additional documents within one month, we deem your request as “not filed”.

    Contact

    For your convenience, we have set up one point of contact for any request you have regarding Olympus Group Companies in Japan. In some cases, customers might have registered to a certain website and might be able to file a request directly via that website. Kindly check the those websites for whether you can file a request.

    Via mail

    Personal Information Inquiry Desk HR HRIS operations site operation & planning
    Olympus Corporation
    Shinjuku Monolith, 2-3-1 Nishi-Shinjuku
    Shinjuku-ku, Tokyo
    163-0914

    Via e-mail

    privacy@olympus.com

    * Personal Information submitted in conjunction with your request will be used only to the extent needed for the work carried out in connection with your said request. The submitted documents are will not be returned.

  • Complaints regarding the handling of Personal Information

    Any complaints regarding the handling of personal Information by Olympus should be addressed to:

    Via mail

    Personal Information Inquiry Desk HR HRIS operations site operation & planning
    Olympus Corporation
    Shinjuku Monolith, 2-3-1 Nishi-Shinjuku
    Shinjuku-ku, Tokyo
    163-0914

    Via e-mail

    privacy@olympus.com

    * Personal Information submitted in conjunction with your complaints will be used only to the extent needed for the work carried out in connection with said complaints. The submitted documents will not be returned.

  • Anonymously processed information

    Olympus Corporation and Olympus Medical Systems Corp. (collectively, "We") will utilize anonymously processed information as stipulated in the Act on the Protection of Personal Information and its related guidelines on anonymization for the purposes of health promotion and extension of health/life expectancy. We use anonymized information as follows:

    Utilization purpose for anonymously processed information

    • 1. Development of systems and surgical instruments for surgery by processing data using surgical videos and related descriptions.
    • 2. Development of educational services and products that enhance the learning proficiency of surgeons by using recordings of surgical procedures.
    • 3. Other purposes related to 1. and 2.

    Categories of information provided by individuals

    • 1. Information regarding the patient (age, sex)
    • 2. Information regarding the surgery (disease name, surgical method, duration of surgery, and the amount of intraoperative blood loss. However, disease name and surgical procedures that can identify specific individuals are not included)
    • 3. Information regarding the physician who performs the surgery (Years of experience, certified physician or not etc. However, physician name and facility name are not included)
    • 4. Video information of endoscopic surgery and other related information(However, face or voice of the patient or the physician performing the surgery are not included.)In addition, no description that can identify a specific individual is included in the metadata of the video information. Information on age, duration of surgery, and amount of intraoperative blood loss is generalized into groups within a certain range, and all values above or below a certain level are combined into the same value, so that specific individual cannot be identified.

    Method of provision

    Data is provided via password-protected electronic files in external storage media by hand delivery, or through a highly secure cloud service.

    Security control measures of anonymously processed information

    When handling anonymously processed information, we take necessary and appropriate security control measures to prevent leakage, loss, or damage etc. In addition, we exercise necessary and appropriate supervision over the parties to whom we provide anonymously processed information.

    Source of anonymously processed information

    Domestic medical facilities and domestic medical data management providers

    Provision of anonymously processed information

    Provision is limited to domestic and foreign medical institutions, our affiliated companies, other companies that have been commissioned by us to develop surgical instruments and systems related to surgery, or to develop educational services and products that aim to enhance the proficiency level of learning about surgery and other medical care-related topics, or those that have entered into joint research agreements with us etc.

    Those above will use the information within the scope of the utilization purposes of the anonymously processed information described above.

    Contact for complaints regarding the handling of anonymously processed information

    Via e-mail

    Personal Information Inquiry Desk HR HRIS operations siteo peration & planning
    Olympus Corporation
    Shinjuku Monolith, 2-3-1 Nishi-Shinjuku
    Shinjuku-ku, Tokyo
    163-0914

    Via e-mail

    privacy@olympus.com

  • Other

    Olympus may have additional stipulations within a specific business activity or services.
    Olympus may change or amend the policy for “Handling of Personal Information” in accordance with any changes of the Act on the Protection of Personal Information, including any of the above publications or processes, without prior notice.