Personal Information Protection Policy

NIPPON STEEL Hitachi Systems Solutions, Inc.(“we”) strongly recognizes that personal information has a close relationship with personal character and that personal information must be handled carefully in accordance with respect for basic human rights as defined by the Constitution of Japan. In consideration of how we provides information services throughout Japan, we have defined and implemented the following Personal Information Protection Policy regarding the protection of personal information handled in our business activities, thus responding to the trust from our customers.

  1. Appropriate collection, use, and provision of personal information
    1. (1) Collection of personal information is performed using appropriate and fair methods. Fundamentally, personal information is only collected after receiving agreement from the individual regarding the purpose of use, etc. When collecting personal information through methods other than direct written materials, the purpose of use, etc., is listed on our website.
    2. (2) Personal information is only used within the scope of the purpose of usage which was agreed to or disclosed per the previous item, and only by parties who have been granted usage rights. We takes required measures to ensure that personal information is not used outside of the scope of the purpose of usage.
    3. (3) Fundamentally, the collected personal information is not provided to a third party without agreement from the individual, except in cases in which personal information is outsourced to an external party.
    4. (4) When outsourcing personal information to an external party, we executes required agreements with the contractor and conducts sufficient monitoring for safe management.

  2. Compliance with laws, government policies, and other standards
    Regarding the protection of personal information, we complies with laws, government policies/standards, and other rules applying to protection of information assets by us.

  3. Preventing and correcting the leakage, loss, and damage of personal information
    Regarding the use and storage of personal information, we establishes appropriate measures for safe management; for example, information security measures to prevent leakage, loss, and damage. Furthermore, we establishes measures for immediate correction if a problem is discovered.

  4. Response to complaints and inquiries
    Requests related to personal information held by us and questions, complaints, etc., regarding the handling of personal information are accepted by the Secretariat of our Information Security Committee(

  5. Continual reform of the personal information protection management system
    We has formulated a management system related to the protection of personal information and continually engages in accurate reform of the system in response to social needs, monitoring results, etc. Furthermore, we constantly encourage each person involved in our business activities to hold a high level of awareness.

Adopted:April 1, 2004
Last amended:June 17, 2021

Hiroyuki Hori, President
NIPPON STEEL Hitachi Systems Solutions, Inc.

If you have any inquiries, requests or comments with regard to handling of personal information, please contact us by email at or write to us at:

NIPPON STEEL Hitachi Systems Solutions, Inc.
St. Luke's Tower 26F
8-1, Akashi-cho, Chuo-ku, Tokyo, JAPAN
Attn.: Personal Information Manager, Information Security Dept.

GDPR Privacy Notice

This GDPR Privacy Notice (“Notice”) applies to our collection, use, sharing and other processing (“Process” or “Processing”) of personal data of individuals located in the European Economic Area (“Personal Data”).

  1. Categories of Data We Process
    NIPPON STEEL Hitachi Systems Solutions, Inc. ("NHS") Processes the following categories of data:
    Personal Data regarding the following categories of natural persons:
    • Personnel of our business partners, such as existing or prospective customers, service providers, and vendors,
    • Website visitors, and
    Personal Data transferred to us by Controllers for our Processing services on behalf of Controllers.

  2. Purposes and Legal Basis of Processing
    Data Subject Purpose and Legal Basis
    Personnel of our business partners Marketing of our products and services: NHS has a legitimate interest in following up with its prospective customers who have conferred their contact information to NHS and in updating them on new developments and events.
    Execution and performance of contracts: NHS has a legitimate interest in Processing Personal Data as necessary to negotiate terms of contracts with its business partners and to perform its obligations thereunder.
    Website Visitors NHS uses cookies on its website for the purpose of web audience measurement and improvement, and for marketing of our services based on your consent. Information collected by cookies includes IP address, geolocation, browser type and language, pages visited and for how long, and other metrics. For more details, please see our Cookie Notice.
    General Information security and compliance: it is NHS’s legitimate interest to keep records of your access to our systems and facilities in order to maintain and improve our information security, and to ensure our compliance with applicable laws.
  3. Categories of Recipients
    NHS will disclose Personal Data to the following categories of recipients:

    • Subcontractors, service providers, and product vendors of NHS,
    • Customers to which services of NHS’s other business partners, such as third party service providers, are provided,
    • External advisors such as attorneys, accountants and tax advisors (“Advisors”) of NHS,
    • Affiliate companies of NHS and their advisors and subcontractors with whom NHS needs to share Personal Data for the purpose of Processing such data, and
    • Other business partners with whom NHS needs to share Personal Data for the purpose of Processing such data.

    Recipients of Personal Data may be located in countries and areas outside of the European Economic Area (“Third Countries”), where applicable laws may not offer the same level of data protection as the laws of the respective natural persons’ home country. In such case, NHS will transfer Personal Data only as permitted under the laws then applicable to it, such as, for example, upon obtaining your explicit consent, or upon its adoption of the Standard Data Protection Clauses/Standard Contractual Clauses approved by the EU Commission.

  4. Retention Period
    NHS will retain your Personal Data for as long as necessary for the purposes set out above, or for as long as it is so required by law. NHS will endeavor to erase Personal Data as soon as possible when such retention is no longer necessary for the purpose for which they were collected or otherwise Processed, provided that such retention is not required by applicable laws or regulations or for NHS’s exercise or defense of legal claims.

  5. Rights of the Data Subject
    Natural persons may:
    • request access to, correction and/or erasure of their Personal Data,
    • object to the Processing of their Personal Data,
    • restrict the Processing of their Personal Data, and
    • request a copy of their Personal Data, or have a copy thereof sent to another controller, in a structured, commonly used and machine readable format under the right of data portability.

    Natural persons may object to the Processing of their Personal Data pursuant to NHS’s legitimate interest. In such case, NHS will stop Processing their Personal Data unless NHS is able to demonstrate appropriate overriding legitimate grounds for such Processing. Also, natural persons shall have the right to object at any time to the Processing of their Personal Data for direct marketing purposes, in which case their Personal Data shall not be used for those purposes.

    Where the Processing of data is based on consent, natural persons shall have the right to withdraw their consent at any time, without affecting the lawfulness of the Processing of data based on consent, carried out before its withdrawal.
    Natural persons shall have the right to lodge a complaint with a supervisory authority pursuant to Art. 57 (1) (f) GDPR.

  6. Chief Privacy Officer and Contact:
    NHS’s Chief Privacy Officer is Yoshitaka Takahashi.

    If you have any enquiries or concerns regarding the Processing of your Personal Data or if you wish to exercise any of the above rights, please contact us by email at or write to us at:

    NIPPON STEEL Hitachi Systems Solutions, Inc.
    St. Luke's Tower 26F
    8-1, Akashi-cho, Chuo-ku, Tokyo, JAPAN
    Attn.: Personal Information Manager, Information Security Dept.