This Privacy Policy describes how we collect and process personal information from data subjects in the European Union (“EU”) and the European Free Trade Association (“EFTA”) countries, under General Data Protection Regulation (“GDPR”).

1.What type of personal information, how we collect it, and for which purposes

(I)Personal information of customers such as healthcare professionalsPersonal information of customers such as healthcare professionals

We may collect and process the following information with regard to customers such as healthcare professionals:
・Personal identification information including name, date of birth, phone number, e-mail address and postal address
・Professional information including workplace, job title, training records, qualifications
・Financial information including bank account details
・Personal characteristics including personal preferences
・Video, audio or photograph that they are involved with
・Any other information that they choose to provide to us or allow a third party to share with us.

We may collect the above personal information directly from our customers or through a third party

We may process the above personal information for the following purposes:,
・Registration of customer accounts for provision of training
・Coordinating support and preventive maintenance of our products
・Marketing and providing information about our products and services
・Developing and improving our products and services
・Coordinating site visits and other events
・Evaluating and coordinating clinical research and studies
・Conducting product safety measures
・Ensuring compliance with applicable laws and regulations

The legal bases for processing the personal information above are
(a)The fulfilment of our contractual obligations under an agreement with our customers;
(b)The fulfilment of our legal obligations; or
(c)Consent from our customers.

Note: We may collect and process the clinical data of our customers’ patients regarding the results of clinical research implemented by specific medical research institutions so as to evaluate and improve our products, but only when we confirm that the explicit consent of the patients has been granted and that such data shared with us is fully anonymized.

(II)Personal information related to business partners such as distributors, suppliers, and alliance partners

We may collect and process the following information with regard to business partners such as distributors, suppliers, and alliance partners:
・Personal identification information including name, phone number, e-mail address and postal address
・Professional information including workplace and job title
・Any other information that they choose to provide to us or allow a third party to share with us.

We may collect the above personal information directly from business partners or through a third party.

We may process the above personal information for the following purposes:
・Communication for business operation, performance of contracts, business negotiations
・Sales, order fulfilment, distribution and invoicing of our products and services
・Purchasing products and services for our own use
・Providing information about our products and services
・Developing and improving our products or services
・Ensuring compliance with applicable laws and regulations

The legal bases for processing the personal information above are:
(a)(a) The fulfilment of our contractual obligations under an agreement with our business partners;
(b)The fulfilment of our legal obligations; or,
(c)Acting in our legitimate interests.

(III)Personal information related to job applicants

We may collect and process the following information with regard to our job applicants:
・Personal identification information including name, phone number, e-mail address and postal address
・Documentation including application forms, cover letters or interview notes, copies of qualification certificates, and any other background check documentation
・Details of their skills, qualifications, experience and work history with previous employers
・Information about their current salary level, including benefits and pension entitlements.
・Any other information that they choose to provide to us or allow a third party to share with us.

We may collect the above personal information during the recruitment process either directly from our job applicants, or occasionally from a third party such as an employment agency.

We may process the personal information above for the following purposes:,
・Managing the recruitment process and assessing the applicant suitability for employment or engagement
・Coordinating an interview, a notice or any other communication with applicants
・Decision to offer a job to an applicant
・Ensuring compliance with applicable laws and regulations.

The legal bases for processing the personal information above are:
(a)The fulfilment of our contractual obligations under an agreement with our job applicants;
(b)The fulfilment of our legal obligations; or,
(c)Acting in our legitimate interests.

(IV)Personal information of employees

We may collect and process the following information with regard to our employees:
・Personal identification information including name, date of birth, gender, marital status and dependants. phone number, e-mail address and postal address
・Basic Work Details information including our employees’ work contact details, employee number, photograph, job title, job description, assigned business unit or group, reporting lines, primary work location, working hours and their terms and conditions of employment
・Financial information including bank account details, payroll records, benefits package and tax status information.
・Performance management information including colleague and manager feedback, appraisals, outputs from talent programmes and formal and informal performance management processes;
・Health information including health examination records and any medical condition, health and sickness records.
・Any other information that our employees choose to provide to us or allow a third party to share with us.

We may collect the above personal information directly from our employees or through a third party. As for health information, we will obtain their explicit consent when we collect and process such information.

We may process the above personal information for the following purposes:
・Conducting business liaison and business performance
・Paying salaries, implementing human resource and labour management, and providing fringe benefits
・Conducting performance reviews, managing performance and determining performance requirements.
・Assessing qualifications for a particular job or task, including decisions about promotions.
・Managing the health of employees and complying with health and safety obligations.

The legal bases for processing the personal information above are:
(a)The fulfilment of our contractual obligations under an agreement with our employees;
(b)The fulfilment of our legal obligations; or,
(c)Acting in our legitimate interests.

When above data subjects visit our websites, we may collect and use cookies with their explicit consent for the purpose of e.g. maintaining user sessions, providing service accordance with individual attributes and behaviour, and tracking website usage for analytics. More information about how we use such cookies will be described in our Cookie Policy.

In addition, we may use the web analysis service “Google Analytics” from Google LLC (“Google”) to confirm information about our customers’ visits to this website. Google anonymously uses information obtained by cookies to save a profile of which pages they have visited within a session.

Google will use this information to evaluate our customer’s use of this website and to compile reports on website activities for our own use. We may use the anonymous data received from Google Analytics to understand how the web services can be improved.

The legal bases for the processing of the personal information when we use website analytics are our legitimate interests or the customer’s consent.

The personal information that we collect from above data subjects may be stored and processed in their respective home country, or outside their home country, including but not limited to Japan, the United Stated of America, Germany, Singapore or any other country where we or our related companies or business partners have their main facilities.

If we transfer the personal information above to Japan, the United States (commercial organisations participating in the EU-US Data Privacy Framework) or other countries which are outside of the EU but which are recognised as providing adequate protection by the European Commission, we will process the data according to the relevant clauses for protecting personal information in such countries in addition to the clauses of GDPR. If the country to which we need to transfer the personal information above is outside of EU and is not recognised as a country providing adequate protection by the European Commission, we will obtain each data subjects’ consent to transfer their personal information or execute a Standard Contractual Clause (“SCC”) with any third party to whom such information is to be transferred.

We may use cloud services provided by Synergy Marketing, Inc. in Japan to store and process customers’ personal information contained in membership information of users of Medicaroid Intelligent Information Site (MIIS) and personal information submitted through an inquiry format by whom contact our corporate website.

We may share this information with our related companies, including our subsidiaries, Kawasaki Heavy Industries, Ltd., Sysmex Corporation, and their subsidiaries, to the extent required for our purposes to store or process the aforementioned personal information according to the relevant clauses in the Standard Contractual Clauses (“SCC”) (provided that such SCC shall be executed if the country in which the other company with which we share the information is located is outside the EU, has not yet been recognized as providing adequate protection by the European Commission and if we have not yet executed any SCC or Binding Corporate Rules (“BCR”) to verify such sharing).

We may share the personal information with Cornerstone OnDemand International Ltd.,("Cornerstone”), a cloud-based development software provider and learning technology company in United Kingdom which assures compliance with the GDPR, to the extent required for our purposes to provide customers with a learning management system for training provided by Cornerstone. Cornerstone may also share the personal information with its affiliates and/or other sub-processors located in the United States and/or other countries outside the European Economic Area, as is reasonably required to provide support, perform technical projects or perform other types of services under the service agreement between us and Cornerstone, provided that, to the extent applicable, either: such countries in which its affiliates and/or other sub-processors are located are recognised as providing adequate protection by the European Commission; or other cross-border mechanisms compliant with the GDPR have been established with such affiliates and/or other sub-processors

2.How we protect Personal Information

We implement appropriate technical and organizational measures designed to provide an adequate level of security and confidentiality for the personal information we obtain and process from each data subject under this Privacy Policy.

The purpose of these measures is to protect the aforementioned personal information against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and against other unlawful forms of processing.

3.How long we store Personal Information

We store the personal information we collect and process from each data subject under this Privacy Policy only as long as required for the intended purpose. Personal information processed for multiple purposes will be promptly deleted (or altered so that it can no longer identify the data subject) when collection and processing becomes unnecessary for all of the intended purposes.

4.Data protection rights

Under the GDPR, data subjects have the following rights:

・Right of access – Data subjects have the right to ask us for copies of their personal information.
・Right to rectification - Data Subjects have the right to ask to rectify personal information they think is inaccurate. They also have the right to ask us to complete information they think is incomplete.
・Right to erasure – Data subjects have the right to ask us to erase their personal information in certain circumstances.
・Right to restriction of processing – Data subjects have the right to ask us to restrict the processing of their personal information in certain circumstances.
・Right to object to processing - Data subjects have the the right to object to the processing of their personal information in certain circumstances.
・Right to data portability - Data subjects have the right to ask that we transfer the personal information we obtained from them to another organisation, or to the Data subjects themselves, in certain circumstances.
・Right to withdraw consent - If our data processing is based on the Data subjects consent, they may withdraw their consent at any time. Withdrawal of consent will not affect the lawfulness of processing done before said withdrawal.

To exercise any of the above rights, data subjects should contact us at the contact information point provided below.

Each data subject may also object to our processing of their personal data by contacting the data protection supervisory authority where they live, work, or where the GDPR violation took place.

5.Amendments to This Privacy Policy

We may change this Privacy Policy as necessary. Any substantive changes will be communicated to the data subjects (customers, employees, etc.), in advance by posting on our website or by other means.

Contact Us

Our Contact Details

If you fall under any of the data subjects set forth in this Privacy Policy, and have any questions about this Privacy Policy or about the nature of the data that we hold and that concerns you, or if you would like to exercise one of your data protection rights, please do not hesitate to contact us.

Name: Medicaroid Corporation
Address: International Medical Device Alliance 6th floor, 1-6-5 Minatojima Minami-machi, Chuo-ku, Kobe 650-0047, Japan
E-mail: mrd_eudp_admingroup@medicaroid.com

General Data Protection Regulation (GDPR) – European Representative (Not including the United Kingdom)

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), we have appointed the European Data Protection Office (EDPO) as our GDPR Representative in the EU.
You can contact EDPO regarding matters pertaining to the GDPR:
- by using EDPO’s online request form: https://edpo.com/gdpr-data-request/
- by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium

Nov 4, 2025