Toppan Europe GmbH and its branches (the "Company") have a firm commitment to respect your privacy in accordance with the EU General Data Protection Regulation ("GDPR").
Thus, the Company hereby publishes its Privacy Policy (the "Policy"). Regarding the Company’s parent, or its subsidiaries (other than the Company) inside or outside of the EEA, please refer to their website.

  • Your rights of Data Protection
    We respect your rights to Personal Data as follows:
    • A) Access: You have the right to request information on your Personal Data that the Company Processed and information related to your rights and to obtain a copy of your stored Personal Data. (The contact details are specified in Paragraph 2A) and 2B) below).
    • B) Accuracy and Rectification: the Company seeks to ensure that Personal Data are accurate, complete and kept up-to-date to the extent necessary for the applicable Purposes. If the Personal Data are incorrect, incomplete or not Processed in compliance with GDPR, you have the right to have your Personal Data rectified, deleted or blocked (as appropriate) by contacting the Company.
    • C) Right to be forgotten (GDPR§17): You have the right to obtain from the Company the erasure of your Personal Data without undue delay unless the Company has a legal obligation or finds public interests or other clear compelling or legitimate interests to maintain the Personal Data.
    • D) Right to withdraw consent (GDPR§7(3)):
      If you have given consent to the processing of your personal data, then you can withdraw such consent at any time. Please note that the withdrawal applies prospectively only. Processing that occurred before the withdrawal of consent is unaffected.
    • E) Right to restrict the processing (GDPR§18):
      Under certain conditions, you have the right to request that processing be limited. The requirements are:
      • The accuracy of your personal data is contested by you and the Company must verify the accuracy of the personal data;
      • The processing is unlawful, but you oppose the erasure of the personal data and request the restriction of their use instead;
      • The Company no longer needs the personal data for the purposes of processing, but you require the data to establish, exercise or defend your legal claims;
      • You have objected to processing pending the verification of whether the legitimate grounds of the Company override your legitimate interests;
    • F) Right to object to Processing (GDPR§21):
      You have the right to object to the processing of your personal data on grounds relating to your particular situation if we process your personal data on grounds of legitimate interests or in the public interest. Insofar as we base the processing of your personal data on a balancing of interests, we generally assume that we can demonstrate compelling legitimate grounds but will, of course, examine each individual case. In the event of an objection, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing of these data that override your interests, rights and freedoms, or your personal data serves the establishment, exercise or defense of legal claims. In addition, you have an unrestricted right to object if we process your data for our direct marketing purposes.
    • G) Right to object to automated individual decision-making, including profiling (GDPR§22):
      You have the right not to be subject to a decision based solely on automated Processing, including Profiling, which produces legal effects on you or similarly significantly affects you unless the decision is:
      1. necessary for entering into, or performance of, a contract between you and the Company;
      2. authorized by European Union or Member State law to which the Company is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
      3. based on your explicit Consent.
    • H) Right to data portability (GDPR§20):
      You have the right to receive your Personal Data, which you have provided to the Company, in a structured, commonly used and machine-readable format and have the right to transmit those data to another company without hindrance from the Company to which you have provided them, where:
      1. the Processing is based on Consent or on a contract; and
      2. the Processing is carried out by automated means.
    • I) Right to lodge a complaint with a supervisory authority
      You have the right to lodge a complaint with a supervisory authority.
  • Details of the Processing of your Personal Data
    • A) Controller: Toppan Europe GmbH
      Toulouser Allee 19a, 40211 Dusseldorf, Germany
      Contact Details: See below
    • B) Data Protection Officer and Data Protection Staff:
      Phone number: +49-(0) 211 732 760-0 (Monday to Friday (CET: 9am-5pm))
      FAX: +49 (0) 211 7327 60299
      E-mail address: dpo [@] toppan-europe.com
    • C) Unless otherwise communicated by the Company, the purposes of the Processing for which Personal Data are intended as well as the legal basis for the Processing are as follows:
      1. If you are a customer, or a potential customer;
        Purposes: The purposes are conventional marketing and electronic dissemination of our products, technology, events and other business opportunities, customer services and those listed in Annex 1(a).
        Legal basis: The legal basis is as follows:
        • (1) "legitimate interests". We will make best efforts to maintain good balance between the legitimate interests and the right to privacy.
        • (2) The legal basis is the performance of a contract to which the customer is party or in order to take steps at the customer’s request prior to entering into a contract.
      2. If you are a vendor or a potential vendor;
        Purposes: The purposes are to assess the quality and the fitness of your products and services in relation to our Company business.
        Legal basis: The legal basis is as follows:
        • (1) The legal basis is "legitimate interests". We will make best efforts to maintain good balance between the legitimate interests and the right to privacy.
        • (2) The legal basis is the performance of a contract to which the vendor is party or in order to take steps at the customer's request prior to entering into a contract.
      3. If you are an applicant for employment at our Company;
        Purposes: We will evaluate your talent, fitness for the job and potential disadvantages and compare them with other candidates.
        Legal basis: The legal basis is that the processing of the personal data is
        • (1) necessary for the hiring decision; and
        • (2) Consent.
    • D) Category of Personal Data:
      Unless otherwise communicated, the categories of Personal Data are as follows:
      1. If you are a customer, a potential customer, a vendor, or a potential vendor: the information on your business card and the information contained in your e-mails as well as the information listed in Annex 1(a).
      2. If you are an applicant for employment at our Company: Information listed in Annex 1(b).
    • E) The recipients or categories of recipients of Personal Data, if any:
      1. If you are a customer, or a potential customer, the recipients of your Personal Data will be our sales representatives, their supervisors and assistants as well as our distributors (including trading companies) and agents.
      2. If you are a vendor or a potential vendor, the recipients of your Personal Data will be our employees and directors in the purchasing departments and any administrative departments.
      3. If you are an applicant for employment the recipients of your Personal Data will be our employees and directors in the HR departments and any administrative departments as well as the department to which the applicant may be assigned.
    • F) Where applicable, the fact that the Controller intends to transfer Personal Data to a third country:
      The Personal Data collected may be transferred to the following recipients or categories of recipients.
      • The Personal Data may be transferred to the group companies in the following countries:
        Japan: Toppan Inc.
        U.S.A.: Toppan USA, Inc., Toppan Interamerica Inc.
        Hong Kong: Toppan Printing Co., (H.K.) Ltd.
        China: Toppan (Shanghai) Management Co., Ltd., Toppan Leefung Packaging (Shanghai) Co., Ltd., Shanghai Toppan Printing Co., Ltd.
      • Carrier (transport and logistic companies) (including postal and courier service providers)
      • The Company’s distributors (including trading companies) and agents.
      • Government (Japan).

      The transfer is mainly justified by the Data Transfer Agreement in the Standard Contractual Clause ("SCC") published by the European Commission. You can obtain from us a copy of the specific applicable or agreed provisions to ensure an adequate level of data protection. To do so, you can request a copy of the provisions by contacting the persons indicated in 2.B) above. For the countries and territories of the recipients listed above, except Japan, the Commission has not decided that the country, territory or organization in question ensures an adequate level of protection. The Company and the group companies outside the EEA shall make best efforts to ensure that the recipients Process Personal Data at a level comparable or similar to that of GDPR to the extent that GDPR applies. You have access to your Personal Data and the information on the data protection in those countries through the contact persons indicated in 2.B) above.

    • G) The period for which Personal Data will be stored: COMPANY generally shall retain Personal Data for the period required to serve the applicable Purpose (GDPR§5(1c), and Preamble (78)), and for the period:
      1. required by law, courts or authorities including applicable legal hold and litigation document preservation requirements, or by contracts and agreements;
      2. as advisable in light of an applicable requirement to acquire or preserve intellectual property rights or other rights or privilege;
      3. as necessary to acquire or preserve legitimate interests of the Data Subject, the COMPANY or a third party;
      4. as advisable in light of an applicable statute of limitations;
      5. regarding employees, the period of the employment and 3 years afterwards, and regarding candidates who were not hired, 6 months after the decision concerning the hiring; or
      6. the Personal Data contained in or attached to the accounting documents shall be retained for 10 years;
      7. all other documents that are found to have been kept for 10 years shall be presumed to be unnecessary and thus shall be subject to the following paragraph.

      Unless the Data Protection Officer decides otherwise, promptly after the applicable retention period has ended, the relevant Personal Data shall automatically be:

      1. securely deleted or destroyed;
      2. anonymized; or
      3. set to Archived.

      The Archived Personal Data is only permitted for the purposes of public interests, academic and historical research and for statistical purposes.

    • H) Legitimate Interest
      Where the Processing is based on the legitimate interests pursued by the Controller or by a third party, what are the legitimate interests? See above 2.C.
      1. If you are a customer or a potential customer: the following are legitimate interests of the Company: conventional direct marketing and other forms of marketing and advertisement including dissemination of information on products, services, promotion, campaign, events and other business opportunity by email transmission, extensive meetings and other communications.
      2. If you are a vendor or potential vendor, it is a legitimate interest of the Company to assess quality of and the fitness of your products and services in relation to our Company’s business.
    • I) Is providing Personal Data a statutory or contractual requirement?
      The Company shall communicate:
      1. whether the provision of Personal Data is a statutory or contractual requirement, or
      2. a requirement necessary to enter into a contract;
      3. whether you are obliged to provide the Personal Data and
      4. of the possible consequences of failure to provide such data
    • J) The Company does not carry out automated decision-making, including profiling.
  • List of Personal Data to be collected
    The Company may be led to Process various kinds of customer, potential customer, vendor, potential vendor, employee and applicant Data, and some other data for a range of purposes. These categories of Personal Data Processed and the Purposes for which they are Processed are described in Annexes 1(a) and 1(b).
  • Grounds for Processing
    The Company "Processes" "Personal Data" only if one of the following six conditions under GDPR is met.
    • A) You have given Consent to the Processing of your Personal Data for one or more specific purposes.
    • B) Processing is necessary for the performance of a contract to which you are the party or in order to take steps at your request prior to entering into a contract.
    • C) Processing is necessary for compliance with a legal obligation to which Company is subject.
    • D) Processing is necessary in order to protect the vital interests of you or of another natural person.
    • E) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company.
    • F) Processing is necessary for the purposes of the "legitimate interests" pursued by the Company or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

    The Processing of Personal Data of employees or applicants takes place on the following grounds:

    1. Processing is necessary for hiring decisions or after hiring, for carrying out or terminating the employment contract, or

      In the context of our business or employment relationship, you need to provide only the personal information data that is required to enter into a contractual relationship or that we are required to collect by law. Without this data, we will generally have to refuse to enter into the contract or to execute the order, or we will be unable to perform under an existing contract and possibly may have to terminate it.

    2. the processing is necessary to investigate crimes only if there is a documented reason to believe the data subject has committed a crime while employed, the processing of such data is necessary to investigate the crime and is not outweighed by the data subject’s legitimate interest in not processing the data, and in particular the type and extent are not disproportionate to the reason.
    3. The legal basis for the processing of special categories of personal data in an employment relationship is where processing is necessary for the purposes of carrying out the obligations and exercising the rights of you or the Company in the field of employment law, social security and social protection law and there is no reason to believe that the data subject has an overriding legitimate interest in not processing the data, or where it is necessary for the assessment of the working capacity of the employee, medical diagnosis, or the provision of health or social care or treatment.
    4. You have given Consent to the Processing of your Personal Data for one or more specific purposes.
  • Change of the Purpose of Processing
    Generally, Personal Data shall be used only for the Purposes listed hereunder and in Annexes 1(a) and 1(b) for which they were originally collected ("Original Purpose"). Personal Data may be Processed for a legitimate Purpose other than the Original Purpose ("Secondary Purpose") only if
    • the Original Purpose and Secondary Purpose are compatible or
    • the Processing is necessary to prevent threats to state or public security or
    • to prosecute criminal offences or
    • for the establishment, exercise or defence of legal claims
    • unless the data subject has an overriding interest in not having the data processed.

    Where the Company intends to further Process the Personal Data for a purpose other than that for which the Personal Data were collected, the Company shall provide you prior to that further Processing with information on that other purpose and with any relevant further information as referred to in the above Paragraph 2 and Paragraph 1.D.

  • Data security, Minimization, Transparency and Compliance
    Taking into account the nature, scope, context and purposes of Processing as well as the risks of varying likelihood and severity for the rights and freedoms, the Company shall implement appropriate technical and organizational measures to ensure and to demonstrate that Processing is performed in accordance with the GDPR. Those measures shall be reviewed and updated where necessary.

    Where Processing is to be carried out on behalf of a Company, the Company shall use only Processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that Processing will meet the requirements of GDPR and ensure the protection of the rights of the Data Subject.