• Privacy Policy

Privacy Policy

I. General Information

We, Toray Industries, Inc. and our direct and indirect subsidiaries (jointly the “Toray Group”, hereinafter “we” or “us”) [a full list of all entities pertaining to the Toray Group, also showing the relevant contact information, can be found here], each of us being a controller for the data we collect, jointly forming the Toray Group, collectively use your information inter alia to manage and track our marketing efforts. Such information may be typically collected, when you exchange business cards with our staff during business meetings, at trade fairs or similar occasions or when you communicate with us, e.g. by email or letter or through a contact form on one of our websites. Some information will also be automatically obtained by us when you access our website on a device.

The protection of your personal information is of great importance to the Toray Group. In the following, we inform you about how we proceed (collect, use and share) with your personal information. We handle this personal information in accordance with applicable laws, regulations, and guidelines on the protection of personal information, and in accordance with generally accepted norms and rules regarding the same.

II. The types of data we collect (or obtain through our website) and process

We may collect and store (or otherwise process):

  • the name of your company including information about managers and employees (e.g. collected through business cards);
  • personnel (executives and employees) and shareholder information of your company;
  • personal information of shareholders (in the case of corporate shareholders, their officers and employees);
  • type of shares acquired and acquisition date, securities account information;
  • your parent department or company and division if applicable;
  • your company’s type, address, site, and website;
  • bank account information; and
  • your name, role and contact details, such as email address and phone number; and in some cases other personal data, that is business related, that you may disclose to us.

When you access our website on your device, our server automatically collects certain browser- or device-generated information (so-called “server log files”) including the followings:

  • date and time of access;
  • duration of visit;
  • your operating system;
  • volume of data sent;
  • type of access;
  • IP address;
  • domain name; and
  • browser information including version and language setting.

III. Purpose of use of data obtained through our websites

The collected information when visiting our website will be analyzed without identifying the individuals who provided the information. This information is used only for the following purposes: provision of services on the websites;
  • ensuring technical operations;
  • investigating and eliminating website malfunctions;
  • the provision of goods and services and the provision, investigation and consideration of information pertaining to goods and services;
  • transmission of Toray Group’s advertising messages and targeted advertising using Google, etc.;
  • analysis of attributes and behavioral history etc. obtained by Toray to understand customers´ interests, preferences etc., and the provision of information and marketing communication based on such analysis;
  • responding to customer inquiries; and
  • providing Toray Group’s products and services to customers in a safe manner, detecting users who are in violation of the Terms of Use and responding to such violations, investigating, detecting, preventing, and responding to fraud, unauthorized access, and other illegal activities that abuse Toray Group's services.
Through the contact forms that you can fill out on our websites to provide a question or comment, we collect the following personal information:
  • your name;
  • your e-mail address;
  • the content of your message;
  • the company you are working for and the department;
  • your address or the address of the company you are working for;
  • your phone number;
  • date and time of your message; and
  • IP address.

The collected personal information will not be disclosed to external third parties. We only use this personal information to reply to your enquiry as soon as possible. Otherwise, we will only use it if we have received your specific consent.
In addition, our website uses cookies. To learn more about cookies, please refer to our separate Cookie Policy.

We do in no case collect or process any personal data which falls under special categories of personal data listed in Art 9 of the GDPR or personal data from data subjects below the age of 16 (=children). However, if we become aware that we not knowingly have collected and handled information of a child, we will respond appropriately in accordance with applicable laws and regulations.

IV. Purpose of use of data not collected through the website

We will collect and use your data (not including data collected during the visit to our website, the purpose of use which is described above) only to the extent necessary to achieve the following purposes:
  • our engagement activity with you and your company;
  • execution of transactions (including those necessary for order placement, shipment, billing, deposits, and payments), and other measures related to agreements with Toray Group, communications, meetings and consultations with Toray Group, and management of claims and obligations;
  • notifications and reports to government agencies and organizations if we are legally obliged to do so (Art. 6 (1) c GDPR) and/or in order to protect and enforce our own legal interests (Art. 6 (1) f GDPR);
  • ensure our contact details are up to date;
  • develop a comprehensive view of our engagement activity with you and your company;
  • exercise rights and perform obligations under laws and regulations;
  • for investigations etc. necessary to ascertain and manage shareholders;
  • avoid duplicating meetings or communication on similar topics from a number of projects and functions within Toray Group;
  • understand and analyze the type and quality of our engagement activity with you and your company so we can improve it;
  • provide (information on) products or services;
  • send out Toray Group´s advertising messages; and
  • respond to any actions, questions, feedback or queries that you’ve raised with us.

V. Transfer of your data

We store your data on secure servers mainly within Europe, the US and Asia, including China and Japan. From time to time, our IT staff and the technical support staff of our sub-processors and IT service and hardware suppliers may have access to your data from outside Europe. We have strict controls over how, why and when they can do this. In general, such access is only granted as far as necessary for the maintenance of our systems and on a need-to-know-basis only. In any case, we will only transfer personal data to recipients that provide an adequate level of data protection or as permitted by applicable data protection laws by implementing appropriate safeguards, including, but not limited to the EU Commission Standard Contractual Clauses for the transfer of data to third countries, when needed. With respect to transfers to Japan we are also relying on the adequacy decision adopted by the European Commission on 23 January 2019. A copy of the safeguards can be provided to you at your request.

1. Personal information that may be jointly shared:

  • your name;
  • your e-mail address;
  • the content of your message;
  • the company you are working for and the department;
  • your address or the address of the company you are working for;
  • your phone number and fax number;
  • date and time of your message;
  • employer and division;
  • bank account information;
  • personal information of shareholders (including the above mentioned and their number and type of shares acquired and acquisition date, securities account information); and
  • access date and time, time spent on website, customers' operating system, transmitted data quantity, type of access, IP address, domain name, browser information (including version and language setting), message content, date and time message is sent.

2. Companies that your personal information may be shared with:

We will share your personal information mainly with the affiliated companies of the Toray Group listed in the URL link below:


3. Purposes of sharing your personal information:

  • respond to and handle customer inquiries appropriately;
  • provide customers with information regarding our products and services in connection with our business operation;
  • For research and development of new products and services;
  • provide Toray Group’s products and services to customers in a safe manner, detecting users who are in violation of the Terms of Use and responding to such violations, investigating, detecting, preventing, and responding to fraud, unauthorized access, and other illegal activities that abuse Toray Group's services;
  • the provision of goods and services and the provision, investigation and consideration of information pertaining to goods and services;
  • transmission of Toray Group’s advertising messages and targeted advertising using Google, etc.; and
  • analysis of attributes and behavioral history etc. obtained by Toray to understand customers´ interests, preferences etc., and the provision of information and marketing communication based on such analysis.

4. Name or appellation of the entity responsible for maintaining the shared personal information:

Toray Industries, Inc.

5. No sharing of your data outside of Toray Group

We need to manage our engagement activities properly to provide an effective service.
Your personal data is only shared across Toray Group in order to provide a good, timely service for you. Only authorized system administrators and designated users will have access to our system (including our databases) and thereby your data. Except as described herein the data we collect will not be resold or otherwise passed on to third parties outside of Toray Group.

6. Exceptionally provision of personal information to third parties

As a rule, personal information shall not be automatically disclosed to third parties, except where it is shared as described above. However, if we are compelled by laws and regulations, litigation and legal processes within or outside of your country of residence, or requests from the public and governmental authorities, and/or if we determine that the disclosure is necessary or appropriate for the purposes of national security, law enforcement, or other issues of public importance, it may be necessary for us to disclose your personal information. In addition, we may disclose your personal information if we determine in good faith that the disclosure is reasonably necessary to protect our rights and interests and to pursue available remedies, to enforce our terms and conditions, to investigate fraud, or to protect our operations or users.

VI. Tracking technologies that we use

Our website uses so-called tracking technologies. We use these technologies to optimize our offers and services for you. We use the following tracking technologies:

  • SanSan: SanSan is a multi-platform cloud-based contact management solution
  • Salesforce: Salesforce is a cloud based CRM services solution
  • Google Analytics: Google Analytics is a web analytics service that provides statistics and basic analytical tools for search engine (SEO) and marketing purposes
  • Marketo: Marketo is a marketing software as a service (SaaS) platform to help businesses assess and automate marketing tasks

VII. Links to other websites and third-party services

We may provide hypertext links from Toray Group’s websites to third-party websites or Internet sources, as shown below for illustration purpose. Since we have not examined the privacy policies of third parties and specific content at each link, we cannot be held liable for the content. Please read carefully the respective privacy policies to find out how they collect and handle your personal information.

Google-Maps (an example)
On certain individual webpages of our websites, we use the Google Maps API provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This service lets us show you where our offices are located for your easy access.
When Google Maps is embedded in a webpage, your IP address is transmitted directly to Google as soon as you visit the webpage, and a cookie is stored. You can obtain information about, and opt out of, data handling by Google anytime at:
https://policies.google.com/privacy?hl=en&gl=de .
If you do not agree to have your data transmitted to Google when using Google Maps in the future, you also have the option to disable the Google Maps web service completely by turning off JavaScript on your browser. This will fully disable the display of Google Maps on the websites.

VIII. Your subscription to newsletters

You need to provide your information including your name, email address and your company’s name to register for the newsletter. We send newsletter, emails and other electronic notifications with advertising material (referred to hereinafter as the “newsletter”) with the consent of the recipients or legal permission. Our newsletters usually contain information on our products, services, events, the relevant market and us. The newsletter registrations are recorded in order to be able to verify the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation and the IP address. The protocolling of the registration process is based on our legitimate interests in accordance with Art. 6 (1) lit. f GDPR. You may opt out of receiving our newsletter at any time, i.e. withdraw your consent. You can find a link to unsubscribe to the newsletter at the end of each newsletter.

IX. On what legal basis do we process your personal data

We will process your personal data based on performance of contract (Art 6 (1) b GDPR) if we are dealing with you as data subject in connection with an ongoing or starting business relationship, because this is necessary in order for us to supply services and/or goods to you (or the company you represents) and perform our contract with you or your company and/or taking steps at your request to enter into such a contract.
For such reason, in case you fail to provide us the required personal data, we may not be able to supply you with your desired goods and/or services, and our contract may not be performed in a proper manner.
In all other cases we will process our business contacts’ personal data based on our legitimate business interests (Art. 6 (1) f GDPR) or your consent given upon our requests (Art. 6 (1) a GDPR). We have an interest in cultivating contacts arising in the course of business even after the first contact, to use for establishing a business relationship and to stay in contact for marketing our services or providing communications which we think will be of interest to recipients. Furthermore, if you made an inquiry, our legitimate interest in the use of this service is to be able to answer user requests quickly and efficiently.

X. Security Measures

We handle your personal information in a manner that appropriately ensures its security (including protection against unauthorized or unlawful handling, accidental loss, destruction, or damage). Moreover, we use appropriate technical or organizational measures designed to protect your personal information effectively, and we integrate the protection measures into our company regulations to achieve this level of protection.
For example, our websites are cryptographically secured using Secure Socket Layer-encryption (SSL). This ensures a safe and secure data transfer between the browser and the server, so if your browser is not compatible with SSL-encryption technology, please download the latest compatible browser. If the address starts with “https://”, it indicates that a website is using the SSL-encryption technology.

XI. Notification of infringement of personal information

In case of a breach of security where your personal information is transmitted externally, stored, or otherwise handled due to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure thereof, or access thereto, we have mechanisms and company regulations in place to identify and investigate the event promptly. Depending on the outcome of our assessment, if an incident such as a leakage occurs, we will take appropriate actions under the circumstance, such as making reports to the supervisory authorities and contacting the individuals who may be affected.

XII. How long we keep your data

We keep your data for as long as we are engaged with you and your company and/or the period necessary to comply with our relevant legal obligations and to conduct our proper business operations.
We regularly review the data we hold to ensure that it’s accurate and updated. Once you ask us to delete your data or when an engagement closes, or when we no longer need that data, we will remove it from our databases unless we are under a legal obligation to keep the data for a longer period.

XIII. What rights you have

We recognize the right to access and rectify any personal data stored in our systems (in particular our databases), to those individuals concerned.

  • You have the right to obtain from us a confirmation as to whether or not your personal information is being handled, and, where that is the case, you can request a disclosure of the personal information and certain related information such as the purpose of the handling and the categories of personal information in question. This information has to be provided clear, transparent and easily understandable (right to be informed; Art. 15 (1), (2) GDPR),
  • You have the right to request us to delete certain data pertaining to specific circumstances and if the processing is no longer necessary in relation to the purpose for which it was originally collected (right to erasure, Art. 17 GDPR); Furthermore, you have the right to rectification and completion if you believe that the data concerning you is not correct (right to rectification, Art. 16 GDPR)
  • You have the right to the extent provided by the GDPR - request us to move, copy or transfer (where technically feasible) your personal information in a structured, commonly used and machine-readable format, for your own purposes across different services under certain conditions, unless there are legitimate reasons hindering us from undertaking such transmission (right to data portability, Art. 20 GDPR)
  • You have the right to object to the processing of your personal data (right to oppose, Art. 21 GDPR),
  • You have the right to request us to restrict or suspend our processing of your data in certain circumstances (right to restriction of processing, Art. 18 (1) GDPR)

To avail yourself of these rights, please contact us by emailing or writing to us and we will endeavor to respond within 30 days. Contact details can be found in the CONTACT Section below.

XIV. Right to lodge a complaint with a supervisory authority

If you are not satisfied with the way any complaint you make in relation to your personal information is handled by us as set forth in the preceding section or if you consider your data protection rights have not been respected, you can lodge a complaint with the relevant Data Protection Authority.
A list with the contact details of the respective Data Protection Supervisory Authorities can be found here:
You can also lodge your complaint with the relevant Lead Data Protection Supervisory Authority for the Toray EU, which is as follows:
Landesbeauftragter für Datenschutz und Informationsfreiheit des Landes Hessen
P.O. box 3163
65021 Wiesbaden
Gustav-Stresemann-Ring 1
2nd floor
65189 Wiesbaden
phone: +49 611 1408 – 0
fax: +49 611 1408 – 611
e-mail: Poststelle@datenschutz.hessen.de
online complaint form: https://datenschutz.hessen.de/service/beschwerde-uebermitteln

XV. Updates to this privacy policy

We shall observe all applicable laws, regulations, guidelines and any other standards related to our handling of personal information, and shall periodically review and improve this Privacy Policy. Any changes to the Privacy Policy will become effective upon the posting of the revised Privacy Policy on the websites.

XVI. Contact

If you have any further queries and complaints regarding data protection in connection with our websites or the services offered, please contact our internal data protection supervisor or our data protection officer.
You can contact our internal data protection supervisor by email:

The contact details of the Data Protection Officer of Toray EU are as follow: