Global Privacy Policy | Komatsu global site

Komatsu Ltd. (hereinafter referred to as “Komatsu”) and its subsidiaries in which Komatsu owns more than 50% of the voting shares (hereinafter Komatsu and such subsidiaries are collectively referred to as the “Komatsu Group”, “we,” “us”, or “our” and individually referred to as “Komatsu Company”) understand that appropriate protection of personal information is essential to our business, and we have established the following Global Privacy Policy and comply with it.

In view of the different privacy regulations in various regions and countries in which our Komatsu Group companies operate, if a Komatsu Company has established its own privacy policy in compliance with local laws, the privacy policy of the Komatsu Company shall prevail over this Global Privacy Policy. Please refer to the Privacy Policy on each Komatsu Company’s website.

I. Principles of this Global Privacy Policy

This Global Privacy Policy has been established based on the following principles.

1.Specification of purpose of collection: Komatsu Company collects personal information for the purposes of providing optimal products and services to our customers, building and maintaining business relationships with Business Partners in the supply chain (including distributors, vendors, suppliers, etc.), supporting the work execution of employees, and smoothly implementing human resources-related operations.
Further details on the personal information we collect are provided in Section II and beyond.

2.Collection: We notify our customers, Business Partners and our employees (hereinafter referred to as “you” in this Global Privacy Policy) of purposes of use and other necessary information before or at collecting their personal information in accordance with laws of the relevant countries and regions, and we collect their personal information by lawful and fair means. We also obtain your consent as necessary.

3.Use: We do not use your personal information for purposes other than those for which we have collected the personal information except where we obtain your consent or there is a requirement under relevant laws.

4.Quality of information: We ensure that your personal information is relevant to the purposes of use, accurate, complete, and up to date. We also manage and maintain the personal information.

5.Security safeguards: We protect personal information using reasonable security safeguards against risks including loss, destruction, use, modification, and leakage.

6.Openness: By disclosing our processing methods in this Global Privacy Policy, we ensure fair and transparent processing.

7.Notification: We notify you if there is any material change to the processing of your personal information.

8.Accountability: We are fully responsible for your personal information that we retain, and we continuously perform activities to comply with this Global Privacy Policy.

II. Processing of personal information of customers

1. Responsible entities
The entity responsible for handling its respective customers' personal information is Komatsu Company that collected the customer's personal information.

2. Categories of personal information we collect
We collect the following categories of personal information of our customers.
(1) Contact Information such as name, email address, zip code, address, phone number and company name;
(2) Information regarding communications with our customers including, but not limited to business discussions and meetings, participation in our exhibitions and seminars, responses to our questionnaire, opinions, requests and inquiries from our customers;
(3) Information about our products or services (including maintenance, etc.) that our customers have purchased or considered purchasing; and
(4) Information related to visits to our websites, such as access history, Internet Protocol (IP) address, location information and device information.

3. When we collect personal information
We collect personal information of our customers in various situations including the following.

Point of collection

Sources

When our customers:

Have business discussions and meetings with us
Participate in our exhibitions and seminars
Respond to our questionnaire
Send opinions, requests or inquiries
Have check and maintenance of our products or services

Our customers
Each Komatsu Company or distributors to whom our customers provided their personal information

Register to our services or modify registration

Visit our websites or our social media channels

Our customers

4. Purposes of use of personal information
We use personal information of our customers for the following purposes.
(1) To conclude and perform contracts with our customers
(2) To have business discussions with our customers and respond to their inquiries
(3) To provide information about our products and services to our customers
(4) To sell our products or services and conduct necessary checks and maintenance
(5) To plan, research, develop and improve our products or services
(6) To collect information necessary for our customers to use our services
(7) To protect and maintain the functions of our websites
(8) To analyze access to our websites and our social media channels
(9) To deliver advertising that is tailored to our customers’ interests
(10) To comply with our legal obligations

5. Disclosure of personal information to third parties
We may disclose specific categories of personal information of our customers to third parties as shown below. In such cases, we will take necessary measures, including where required, obtaining consent from our customers, in accordance with applicable laws.

Categories of personal information to be disclosed	Recipients	Purposes of disclosure
Categories of personal information (1) to (3) in section 2 above	Entities defined as third parties in various countries and regions (e.g., affiliated companies or our distributors where we do not hold a majority of voting rights)	Purposes (1) to (6) in section 4 above
Category of personal information (4) in section 2 above	Entities defined as third parties in various countries and regions (e.g., vendors or cloud service providers that we use to make our websites available, website access analytics service providers, and advertising partners)	Purposes (7) to (9) in section 4 above

We may also disclose personal information of our customers to governmental authorities or agencies for purpose (10) in section 4 above.

III. Processing of personal information of business partners

1. Responsible entities
The entity responsible for handling its respective Business Partners' personal information is Komatsu Company that collected Business Partner's personal information.

2. Categories of personal information we collect
We collect the following categories of personal information of our Distributors and Business Partners, etc.
(1) Contact information such as name, email address, zip code, address, phone number and company name.
(2) Information regarding communications with our Distributors and Business Partners, etc. such as business discussions and meetings, participation in our study sessions and seminars, responses to our questionnaire, opinions, requests and inquiries from our Distributors and Business Partners, etc.
(3) Information related to visits to our websites, such as access history, Internet Protocol (IP) address, location information and device information.

3. When we collect personal information
We collect personal information of our Distributors and Business Partners, etc. in various situations including the following.

Point of collection

sources

When our Distributors and Business Partners, etc.:

Have business discussions and meetings with us
Participate in our study sessions and seminars
Respond to our questionnaire
Send opinions, requests or inquiries

Our Distributors and Business Partners, etc.
Each Komatsu Company to whom our Distributors and Business Partners, etc. provided their personal information

When our Distributors and Business Partners, etc.:

Use our systems
Visit our websites

Our Distributors and Business Partners, etc.

4. Purposes of use of personal information
We use personal information of our Distributors and Business Partners, etc. for the following purposes.
(1) To perform contracts with our Distributors and Business Partners, etc.
(2) To have business discussions with our Distributors and Business Partners, etc. and respond to their inquiries.
(3) To provide information about our products and services to our Distributors and Business Partners, etc.
(4) To plan, research, develop and improve our products or services
(5) To collect information necessary for our Distributors and Business Partners, etc. to use our systems or services
(6) To protect and maintain the functions of our websites
(7) To analyze access to our websites
(8) To comply with our legal obligations

5. Disclosure of personal information to third parties
We may disclose certain categories of personal information of our Distributors and Business Partners, etc. to third parties as shown below. In such cases, we will take necessary measures, including where required, obtaining consent in accordance with applicable laws.

Categories of personal information to be disclosed	Recipients	Purposes of disclosure
Categories of personal information (1) and (2) in section 2 above	Entities defined as third parties in various countries and regions (e.g., affiliated companies or our distributors where we do not hold a majority of voting rights)	Purposes (1) to (5) in section 4 above
Category of personal information (3) in section 2 above	Entities defined as third parties in various countries and regions (e.g., vendor or cloud service provider that we use to make our websites available)	Purposes (6) and (7) in section 4 above

We may also disclose personal information of our Distributors and Business Partners, etc. to governmental authorities and agencies for purpose (8) in section 4 above.

IV. Processing personal information in relation to IoT services for our construction equipment and other products

1. Responsible entities
The entity responsible for handling its respective customers' personal information (including machine operators) in relation to our IoT services for machines is Komatsu Company that collected the customer's personal information.

2. Categories of personal information we collect
We collect the following categories of personal information in the course of the IoT services. As the information regarding machines described at (1) to (3) below can be associated with machine operators, we treat the information as personal information.
(1) Operator ID
(2) Location of machines
(3) Information of machine operation such as running and idling time of machines, travelling information, engine performance, fuel consumption, load factor and machine anomaly alert
(4) Account information for the IoT services including Komtrax such as email addresses and company names of our customers
(5) Inquiries from our customers and subsequent interactions with us

3. When we collect personal information
We collect personal information of our customers in various situations including the following.

Point of collection	Sources
When our customers: Use our products that is equipped with the IoT services function including Komtrax	Machines used by our customers (including operators)
Register account for the IoT services including Komtrax	Our customers or distributors to whom our customers provided their information
Make an inquiry to us or our distributors	Our customers Each Komatsu Company or distributors to whom our customers provided their personal information

4. Purposes of use of personal information
We use personal information of our customers for the following purposes.
(1) To provide information regarding machine condition and operation to our customers
(2) To make operators’ operation status available to our customers
(3) To provide after-sale services such as repair and maintenance of machines
(4) To plan, research, develop and improve our products or services
(5) To prevent unlawful use and theft of machines
(6) To maintain and protect IoT services accounts of our customers
(7) To respond to inquiries from our customers
(8) To comply with our legal obligations

5. Disclosure of personal information to third parties
We may disclose certain categories of personal information of our customers to third parties as shown below. In such cases, we will take necessary measures, including where required, obtaining consent in accordance with applicable laws.

Categories of personal information to be disclosed	Recipients	Purposes of disclosure
All categories listed in section 2 above	Entities defined as third parties in various countries and regions (e.g., affiliated companies or our distributors where we do not hold a majority of voting rights, vendors or cloud service providers that Komatsu Company uses to provide IoT services)	Purposes (1) to (7) in section 4 above

We may also disclose personal information of our customers to governmental authorities and agencies for purpose (8) in section 4 above.

V. Processing personal information of Komatsu Group employees

1. Responsible entities
The entity responsible for handling its respective employee's personal information is Komatsu Company that collected the employee's personal information.

2. Categories of personal information we collect
We collect the following categories of personal information of our employees or applicants.

Categories

Type

Name, gender, email address
Past work history and certification/qualification
Company/department name and job title

Employees or applicants

Payroll and expense reimbursement information
Personnel evaluation information

Employees

3. When we collect personal information
We collect personal information of our employees or applicants in various situations including the following.

Point of Collection

Sources

When:

We fulfil on-boarding procedures
We collect information for HR and worktime and attendance management
We evaluate performance
We make internal questionnaire
We hold internal training and seminars
Our employees use our facilities and equipment (e.g. entering and leaving the building, use of office cafeteria)
We make an emergency announcement or respond to a disaster

Employees
Internal IT systems (direct input of personal information by employees and collection of information such as usage from devices used by employees)
HR managers

Application for employment with us is made

Employees
HR managers
Recruiting agent used by our employees

4. Purposes of use of personal information
We use personal information of our employees or applicants for the following purposes.

Categories

Type

(1) To evaluate and select potential employees

Applicants

(2) To provide communication means among our employees
(3)For HR tasks such as onboarding, personnel and labor management, and performance evaluations
(4)To calculate payroll, provide benefits and reimburse expenses
(5)To advance employee development globally, including training, diversity and inclusion initiatives, organizational strengthening, and facilitating information sharing among employees
(6)To monitor the use of our IT systems, facilities and equipment, including entry and exit logs, to manage access and ensure security
(7)To use content posted by our employees on our internal social networks for public relations purposes, but only with the explicit consent of the employees involved
(8)To ensure the safety of our employees in the event of an emergency or disaster
(9)To comply with our legal and regulatory obligations

employees

5. Disclosure of personal information to third parties
We may disclose certain categories of personal information of our employees or applicants to third parties as shown below. In such cases, we will take necessary measures, including where required, obtaining consent in accordance with applicable laws.

Categories of personal information to be disclosed

Recipients

Purposes of disclosure

All categories listed in section 2 above

Entities defined as third parties in various countries and regions (e.g., affiliated companies or our distributors where we do not hold a majority of voting rights, vendor or cloud service provider that we use to operate our HR information system)

Purposes (1) to (8) in section 4 above

We may also disclose personal information of our customers to governmental authorities and agencies for purpose (9) in section 4 above.

VI. How long we retain personal information

We retain personal information for as long as necessary for the purposes described in sections II.4, III.4, IV.4 and V.4 above or consistent with applicable laws.

VII. Personal information of children

If we collect personal information from a child (as defined by applicable laws in each jurisdiction), we will take the necessary steps in accordance with such laws, including obtaining the consent of the child's parent or guardian.

VIII. Sensitive information

We generally do not collect your personal information that is classified as sensitive information under applicable laws such as race, creed, social status, medical history, criminal record, the fact of having suffered damage by a crime. When we collect sensitive information, we will obtain explicit consent of the you or take other appropriate measures in accordance with applicable laws.

IX. Entrustment of processing personal information

We may entrust external vendors with the processing of personal information to the extent necessary to achieve the purposes described in sections II.4, III.4, IV.4, and V.4 above. Our measures include selecting vendors that meet our security standards, concluding agreements on the processing of personal information, and regularly monitoring the handling of personal information after entrustment. We continuously supervise these vendors.

X. Cross-border transfer of personal information

We may conduct a cross-border transfer of personal information to countries or regions outside of where the information was originally obtained, after taking measures in compliance with applicable laws and regulations.

XI. Security measures for personal information

We are well versed in the applicable data protection laws in relevant countries and regions, have established policies regarding personal information and information security, have appointed persons responsible for personal information based on these policies and manage personal information organizationally in order to protect personal information from unauthorized access, falsification,destruction, leakage, loss, etc. We also conduct regular training such as e-learning and raise awareness of personal information protection to ensure that all employees process personal information appropriately. As a physical control measure, we prevent unauthorized intrusion by managing entry to and exit from our facilities. We have also implemented measures to prevent theft and loss of devices that process personal information. As a technical measure, we use the latest security technologies to enhance the safety of our systems and devices.
If a leakage of personal information or similar incident occurs, we will investigate the facts and causes, and promptly implement measures to prevent secondary damage and recurrence of such incident.

XII. Your rights

You have certain rights with respect to your personal information under applicable laws. These rights include revocation of consent, access, correction, restriction of processing, deletion, prohibition of disclosure to third parties and objection to processing. If you make such a request, we will take steps to review the request and respond within a reasonable time as required by applicable laws. If you wish to exercise any of these rights, or if you have any questions about your rights, please contact us as described in Section XIII below.
You may also submit complaints about our processing of personal information to data protection authorities in accordance with applicable laws.

XIII. Inquiries

Should you have any inquiries regarding this Global Privacy Policy, please contact us at the email address below:
Email: JP00MB-privacy@global.komatsu

XIV. Amendments to this Global Privacy Policy

We may update this Global Privacy Policy as necessary. Any changes will be posted on this website.

Effective date: November 21, 2023
Last Updated: November 21, 2023