Micron’s Approach to GDPR
Micron, Inc. (hereinafter referred to as “Our Company”), handles personal data (defined in 1 below) regarding individuals located in the EEA in an appropriate manner as follows:
It should be noted that a customer who processes medical data including the said personal data using Our Company’s corporate service may be a “Controller” subject to the General Data Protection Regulation (hereinafter referred to as “GDPR”), and Our Company may be a “Processor” subject to the GDPR Extra-Territorial Application. As a result, the customers are responsible for complying with all applicable laws and regulations, including the GDPR. Our Company does not provide the customers with legal or audit advice and warrant that their products or services are conformity in applicable laws.
1.Definition of Personal Data
“Personal Data” means any information concerning an identified or identifiable natural person.
“Identifiable natural person” means any person who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier or one or more elements specific to the physical, physiological, genetic, mental, commercial, cultural or social identity of the natural person concerned.
2.Compliance with the Laws and Regulations Concerning the Handling of Personal Data
When handling personal data, Our Company complies with the laws and regulations of Japan, GDPR, and the laws and regulations of each country in the EEA region.
3.Transboundary Transfer of Personal Data
Japan received the adequacy decision (The framework for mutual and smooth transfer of personal data between Japan and the EU) in accordance with Article 45 of the GDPR on January 23, 2019. As a result, the transfer of personal data from the EEA to Japan no longer requires the conclusion of Standard Contractual Clauses (SCC) or Standard Data Protection Clauses (SDPC). However, Our Company can accept the transfer of personal data after concluding these clauses and conditions, if the customer desires.
In addition, Our Company will handle the transferred personal data in accordance with the data processing contract and Japan’s Personal Information Protection Act (including the “Supplementary Rule Regarding the Handling of Personal Data that has been transferred from the EU Based on the Adequacy Decision of the Act on the Protection of Personal Information”).
4.Management of Personal Data
Our Company properly manages personal data in accordance with the “Personal Information Protection Policy” and “Handling of Personal Information” below. In addition, Our Company has been received the PrivacyMark certification.
Michita Sato, President