Privacy Policy

As of April 1, 2022

ITOCHU Corporation (the “Company”) recognizes that it is our social responsibility to properly manage and protect personal information that is provided to us, such as names, addresses and other information of individuals, which could allow specific individuals to be identified (“Personal Information”). Accordingly, the Company will handle Personal Information in accordance with this Privacy Policy (this “Policy”).

1. Compliance with laws and control of Personal Information

The Company will comply with Japan’s Act on the Protection of Personal Information and all other related laws and regulations, and the Company will strive to take all necessary and appropriate measures with regard to the Personal Information that it collects and receives, in order to prevent any unauthorized access to, and leakage of, such Personal Information.

2. Purpose of use of Personal Information

The Company will use Personal Information solely within the scope of the following purposes, and to the extent deemed relevant to those purposes (the “Purpose(s)”), unless individually specified or informed or announced:

  1. In the conclusion and execution of agreements, and in the conduct and management of any other transaction related to the Company’s business;
  2. For communications related to the Company’s business, and in correspondence, greetings, and other acts of general etiquette;
  3. Providing information related to the Company’s business;
  4. In research, analyses, studies, and audits related to the Company’s business;
  5. In the production of statistical information, analysis of anonymously processed information, and other processing of Personal Information for the Company’s use;
  6. Exchanging information and communicating with industry and organizational stakeholders related to the Company’s business; or
  7. Any other activities related to or incidental to the above Purposes.

For the purposes of use of Personal Information of shareholders of the Company, please click here.

3. Disclosure and provision of Personal Information to third parties

The Company will not disclose or provide Personal Information to any third party without obtaining in advance consent from the individual to whom such Personal Information relates (the “Principal”), unless such disclosure or provision of Personal Information is permitted, required, or enforced by any applicable laws or regulations.

4. Joint use of Personal Information

The Company may jointly use Personal Information with others as described in ‘Joint use of Personal Information’.

5. Anonymously processed information

Please see ‘Anonymously Processed Information’ for information about anonymously processed information produced and provided by the Company.

6. Notification of the Purpose

In the event that a Principal wishes to be notified about the Purpose for which the Principal’s Personal Information is being retained by the Company (the “Retained Personal Data”), the Company will inform the Principal of such Purpose only after verifying the identity of the Principal (or his/her representative). Notwithstanding the foregoing, the Company may not be able to provide such information in whole or in part in the event that: (i) there is a possibility of harm to the life, body, or property of, or any other rights or interests of, the Principal or a third party, (ii) there is a possibility of harm to any of the Company’s rights or legitimate interests, (iii) there is a possibility that such provision of information might interfere with the performance of affairs by a national or local government authority as prescribed by applicable laws and regulations to the extent that the Company is required to cooperate with such performance, (iv) the Purpose is clear, given the circumstances under which the Personal Information was obtained, or (v) such provision of information is prohibited under any applicable laws or regulations.

7. Disclosure of Personal Information to the Principal

In the event that a Principal wishes to receive a disclosure of the Retained Personal Data about the Principal, records on third party provision of personal information which constitutes a database that enables the Company to search for personal information (the “Personal Data”), or records on receipt of the Personal Data from a third party, the Company will, after verifying the identity of the Principal (or his/her representative), make such disclosure either by electronic data or in writing at the selection of the Principal (or if the Principal has no preference, as selected by the Company). Notwithstanding the foregoing, the Company may not be able to provide such information or records in whole or in part in the event that: (i) there is a possibility of harm to the life, body, or property of, or any other rights or interests of, the Principal or a third party, (ii) there is a possibility that the Company’s proper execution of business could be seriously harmed, damaged or impeded, or (iii) such disclosure violates any applicable laws or regulations.

8. Correction, addition, or deletion of Personal Information

In the event that a Principal wishes the Company to correct, add, or delete any of the Retained Personal Data about the Principal (collectively, “Correction”), the Company will make such Correction after verifying the identity of the Principal (or his/her representative). Notwithstanding the foregoing, the Company has the right to refuse to make such Correction in the event that: (i) the contents of the Retained Personal Data are factually accurate and correct, (ii) special procedures are set forth in applicable laws and regulations, or (iii) such Correction is unnecessary in light of the Purpose.

9. Discontinuance of use and erasure of Personal Information

In the event that a Principal desires the discontinuance of use or the erasure of the Retained Personal Data about the Principal (collectively, “Discontinuance of Use”), the Company will carry out such Discontinuance of Use after verifying the identity of the Principal (or his/her representative). Notwithstanding the foregoing, the Company has the right to refuse such Discontinuance of Use in the event that: (i) the reasons for Discontinuance of Use prescribed in the Act on the Protection of Personal Information are not met, such as where the Retained Personal Data is properly handled by the Company to the extent required to achieve any relevant Purpose specified in advance or is collected in an appropriate manner, or (ii) the Company takes alternative measures necessary to protect the rights and interests of the Principal where the Company has difficulty with the Discontinuance of Use. Please note that the discontinuance of any use, or the erasure of, all or part of the Retained Personal Information may prevent or impede the provision of any service or transaction requested by the Principal.

10. Handling of Personal Information on our Website

(1)Use of Cookies

The Company uses cookies on the Company’s website (www.itochu.co.jp; the “Website”) in order to gain a better understanding of customer access to the Website, which helps the Company to improve and make the Website more useful and user-friendly. Although the Company may identify browsers used by a customer and the status of browsing on the Website through its use of cookies, the cookies will not be used to identify Personal Information of customers.

(2)Use of Web Beacons

The Company uses web beacons on the Website for the purpose of obtaining statistical information in order to improve the Website’s relevance and usefulness. The web beacons will not be used to identify Personal Information of customers, but will be used solely for the purpose of understanding the status of browsing on the Website.

(3)Use of Google Analytics

On the Website, the Company uses services provided by Google Inc. called ‘Google Analytics’ for the purpose of ascertaining the usage status of the Website. ‘Google Analytics’ is a service that uses cookies to collect information about the usage trends of websites without identifying any user or person. ‘Google Analytics’ is managed and operated in accordance with the privacy policy of Google Inc. Please refer to the Google Inc. website for the ‘Google Analytics Terms of Service’ ‘Google Analytics Terms of Service’ and ‘Privacy Policy’. The company is not liable for any damage, loss, or disadvantage caused by the services provided by or any use of any ‘Google Analytics’ services.

(4)Acquisition of access history

The Company records customer information in the form of access logs on the Website. This includes information such as a user’s IP address, the type of browser used, and the frequency of access to the Website, but such records do not include identifiable personal information. The access log will be used for statistics and analysis concerning the status of the use of the Website, but will not be used for any other purpose.

(5)Security

The Company uses SSL (Secure Sockets Layer protocol) and/or TLS (Transport Layer Security) on the Website to encrypt communications to protect Personal Information.

(6)External Links

This Policy applies to Personal Information obtained through the Website. However, in no event shall the Company be responsible for any other websites that are accessed through or from the Website.

11. Control of the Retained Personal Data

The Company will take measures to control access to the Retained Personal Data, restrict methods of taking out the Retained Personal Data, and prevent unauthorized access from the outside, and will take other necessary and appropriate measures for preventing leakage or loss of, or damage to, the Retained Personal Data and other security control of the Retained Personal Data (the “Security Control Measures”). When taking the Security Control Measures, the Company will utilize the frameworks of related laws and regulations, guidelines, and information security systems, and appropriately implement technical security control measures and Organizational Security Control Measures, as follows:

(1)Technical Security Control Measures

  1. The Company will control access to the Retained Personal Data (such as physical and electronic management of access authority, measures to prevent unauthorized access, and supervision of access status).
  2. The Company will restrict the methods of taking out the Retained Personal Data (such as measures against unauthorized removal outside the company using external storage media and e-mails).

(2)Organizational Security Control Measures

  1. Supervision of officers and employees (collectively, the “Employees”)
    • The Company will appoint a manager who is responsible for managing personal information and clearly prescribe the responsibility and authority of the Employees with regard to security control of the Retained Personal Data.
    • The Company will establish internal rules and manuals concerning security control of the Retained Personal Data and have the Employees comply with them, as well as conduct appropriate compliance audits.
    1. Supervision of outsourcing contractors
      • The Company may outsource all or a part of the handling of the Retained Personal Data. In such case, the Company will select outsourcing contractors deemed capable of handling the Retained Personal Data properly and implement necessary and appropriate management to ensure compliance by the outsourcing contracts with the obligations imposed on them by the Company.

12. Methods and contact points for the application or request for disclosures, etc.

With regard to any of the foregoing requests in paragraphs 6 to 9 concerning the Retained Personal Data and other information, please send identity verification documents (copy of driver's license, passport, insurance card, etc.) to the following address by mail.

〒107-8077
2-5-1 Kita Aoyama, Minato-ku, Tokyo
Public Relations Department, ITOCHU Corporation Personal Information Contact

13. Revision

The Company may revise this Policy from time to time to appropriately reflect any changes of laws, regulations, and other requirements as necessary.