Hitachi Construction Machinery Group Data Governance Policy
1 October, 2023
Hitachi Construction Machinery Co., Ltd. (together with its consolidated subsidiaries, “Hitachi Construction Machinery”, “We”, “Our” or “Us”) aims to be a good corporate citizen that, through the provision of innovative products and services, and continuing the manufacture and sale and provision of after-sale services for construction machinery and mining machinery (“Machinery”), contributes to building a prosperous society and is trusted by all its stakeholders.
As ICT and IoT have developed and spread in recent years, solution services that utilize the operational data collected from Machinery at construction and mining sites have been drawing attention. To address the issues faced by the Customers, such as improving safety and productivity and lowering life cycle costs, we will provide products and services that utilize big data and digital technology, and is taking initiatives to create new services and businesses.
Meanwhile, in countries and regions throughout the world, a variety of regulations regarding the protection of personal information and privacy are now the subject of debate, and such regulations are becoming stricter. We recognize protection of information obtained from the Customers to be the issue that needs to be managed with the highest priority, and is endeavoring to ensure that data protection measures are taken in the countries and regions where we do business.
To clarify the basic policy for the protection and utilization of the Customer data, we have specified the relevant information in this Hitachi Construction Machinery Group Data Governance Policy (this “Policy”).
Scope of Application
The content of this Policy specifies the processing of the Customer data held by Hitachi Construction Machinery Co., Ltd. and its consolidated subsidiaries. A “Customer” means an individual customer who uses Our products and services, or, where applicable, a company or an organization represented by a Customer, and the officers, employees, agents and representatives of such company or organization.
Customer Data to be Obtained
The Customer data to be obtained by Us includes a Customer’s name, address, telephone number, email address, bank account number, state of assets, information concerning construction and/or mining sites, numbers or character strings assigned to a Customer, information concerning products and services used by a Customer, information concerning web pages accessed by a Customer, and information concerning a Customer’s opinions, consultations and inquiries.
Further, through communication devices installed in Machinery, or by connecting diagnostic equipment to Machinery, we will obtain operational data that includes the following. The specifics of the operational data may differ depending on Machinery specifications and model.
- Operational time (e.g., hour meter)
- Information concerning vehicle operation (e.g., turning time, excavation time, loading time, soil unloading time, distance travelled, speed)
- Information concerning vehicle condition (e.g., hydraulic oil temperature, cooling water temperature, vehicle posture data)
- Information concerning motors (e.g., engine rotation speed, fuel consumption volume, motor rotation speed, electricity consumption volume, remaining urea water volume)
- Information concerning equipment conditions (e.g., pump discharge pressure, actuator pressure, control signals)
- Information concerning work volume (e.g., payload data, cycle time)
- Information concerning work environments (e.g., outside air temperature, elevation, weather)
- Location information
- Alarm information
- Information concerning Machinery maintenance (e.g., timing of filter replacements, implementation dates)
- Tuning information
- Codes and numbers unique to Machinery and its parts (e.g., model numbers, serial numbers, communication equipment information, parts adjustment values)
We may obtain personal information of a Customer in connection with Our operations. Details regarding personal information are explained in “Hitachi Construction Machinery Co., Ltd.: Regarding Protection of Personal Information.”
In the case where data obtained from a Customer falls under the category of personal information, the “Hitachi Construction Machinery Co., Ltd.: Regarding Protection of Personal Information” and any individual privacy policies that apply to Our products and services will have priority in application over this Policy as regards to the processing of such personal information, including the obtainment, use, transfer, disclosure and management thereof.
Methods of Data Collection
Regarding the products and services that we provide and the related workplaces, we obtain the Customer data using both online and offline methods, including the following:
(1) Collection from applications or platforms used on or through computers and mobile devices;
(2) Collection from communication devices installed in Machinery, or by connecting diagnostic equipment to Machinery, regardless of whether Machinery was manufactured by Us or another company;
(3) Collection by using cameras, microphones, sensors, and other equipment;
(4) Collection from Our dealers, component manufacturers, and business partners;
(5) Collection through wearable technology; and
(6) Collection from the system of the Customer or a third party through an application programing interface (API) or other method.
Purpose of Use of Data
The following are the expected purposes for which Customer data will be used.
| No. | Purpose |
| 1 | To provide Our services including Global e-Service, ConSite and API Service, and to provide information related thereto. |
| 2 | For Us to promptly reach sites where Machinery is located. |
| 3 | For Us to perform repairs, maintenance, after-sales services, recalls, retroactive measures, etc. with respect to Machinery. |
| 4 | For Us to propose Our products or services. |
| 5 | For Us to provide advice on the maintenance, management, and safety of Machinery. |
| 6 | For Us to provide reports on the operation and maintenance of Machinery in order to extend its life, avoid defects, reduce maintenance costs, etc. |
| 7 | To link Customer data to services provided by third parties designated by the Customer. |
| 8 | To conduct investigation, analysis, testing, and evaluation so as to provide solutions to malfunctions or problems with Machinery. |
| 9 | For Us to improve the content and systems in respect of after-sales services, solution services, and other support provided to all Our customers including the Customer. |
| 10 | To cooperate in the search for Machinery in the event of theft. |
| 11 | For Us and Our dealers to carry out their business purposes (including without limitation, research, development, design, engineering, production, sales, and provision and improvement of services). |
| 12 | To deliver or transmit print or email newsletters etc. |
| 13 | To hold seminars, events etc. and deliver or transmit information thereon. |
| 14 | To conduct surveys, investigations, statistical analysis etc. |
| 15 | To perform duties under laws and regulations, such as responding to court orders to submit documents, responding to inquiries or inspections by a tax official etc., and replying to investigation agencies. |
| 16 | To respond to inquiries. |
| 17 | To perform warranty services for Machinery, and to record inspections, maintenance and warranty services for products. |
| 18 | To exercise rights and defend against legal claims, including the early ascertainment of information on accidents involving Our products and services, investigation and handling of such accidents, and the prompt handling and resolution of any accidents and disputes. |
| 19 | To verify compliance with agreement terms and applicable economic sanctions, export controls, and other regulations. |
| 20 | For security countermeasures, including access restrictions and log acquisition. |
| 21 | To provide remote services such as troubleshooting or functional adjustment of Machinery from remote locations. |
| 22 | To bill, collect, and preserve claims relating to assorted fees pertaining to Our products and services. |
| 23 | To conduct marketing activities and analysis related to Our products and services (including analysis of the Customer’s information, purchase history, event etc. attendance records, website access records etc.; and marketing activities, based on such analysis, that are tailored to the interests of the Customer). |
Data Sharing
For the purposes set forth in this Policy, we may share the Customer data with the following third parties. We require that such third parties ensure the security of the Customer data and handle such data in accordance with applicable laws and regulations.
- Our dealers
- Organization to which the Customer belongs (if the Customer is an individual)
- The Customer’s prime contractors and site managers
- Business partners
- Service providers contracted by Us (including telecommunication service companies and cloud service providers)
- Manufacturers of product components, parts, materials
- Universities and research institutions
- Industry organizations to which we belong
- Rental companies, financial institutions, lease companies, and insurance companies contracted by the Customer
- Specialist entities contracted by Us, such as insurance companies, consultants, and advisors
- Experts such as attorneys, certified public accountants, and certified tax accountants
- Governments, competent ministries and agencies, police, courts, public organizations, and other regulatory authorities
Data Storage Periods
We will store the Customer data to the extent necessary to realize the purposes of use (including purposes such as meeting legal or accounting requirements). Taking into consideration factors such as the lifetime and characteristics of Machinery and demand for after-sale services, the operational data will, in principle, be stored for 30 years from the time that the production of the subject model ends. However, even in cases where the 30-year storage periods have not passed, if the lifetime of Machinery has ended, or if, for example, there has been no communication for a long time, and we, at its discretion, determine that there no longer is any reason to continue storing the data, We may erase or dispose of the operational data.
Security and Privacy Protection
We recognize security and privacy protection to be matters requiring the highest priority in relation to the utilization of data, and will establish the necessary rules and framework, and continuously operate and improve the same.
Commitment in Leadership
Managements will, without fail, continue to deepen their own understanding of current situations, and will actively engage in management that views privacy protection and cyber security not as a cost but as an investment. Further, managements will directly address risks and recognize them to be issues that need to be managed with the highest priority, and undertake the necessary countermeasures. Under the leadership of managements, appropriate resources will be allocated to cyber security and privacy protection measures, and efforts will be made to strengthen the security framework.
Global Data Protection Framework
Under the leadership of the Chief Information Security Officer appointed by the Representative Executive Officer, President and Executive Officer, COO, we are striving to establish and fully implement a framework for information management.
Specifically, we regularly provide education regarding information security to our employees and contractors and carry out self-audits regarding information security and personal information protection. Moreover, to guard against damage from cyberattacks and natural disasters, we are moving forward with measures such as the consolidation of core systems, migration to virtual servers and the cloud, and the hardening of servers. We are making efforts to strengthen information security management of overseas group companies under the “Global Information Security Management Rules” in accordance with the international security standards of ISO/IEC 27001.
Further, when using the Customer data, following the advice and guidance of the specialist departments and outside experts, and through the implementation of Privacy Impact Assessments, We engage in ex-ante and ex-post risk analysis and evaluation, and implements appropriate security countermeasures and data protection measures.
Global Data Sharing
We engage in business globally, and has a worldwide network for sales and after-sales services. There may be cases where data is transferred to Japan or another country or region that has data protection rules that differ from the rules of the country or region where a Customer resides. In such a case, we will comply with the applicable data protection rules and regulations, including cross border transfer rules, when transferring the Customer data.
Transparency and Options
Data provided by a Customer when the Customer uses Our products and services belong to the Customer. We will disclose information on how the Customer information will be processed, and make efforts to ensure that the Customers can manage and adjust the settings on how their information will be used.
Solution of Issues through Data
We aim to be a solution provider that contributes to solving issues faced by the Customers, by means such as improving safety and productivity and lowering the life cycle costs. Utilization of data is essential to learn more about the Customers and understand the issues faced by them.
By analyzing and utilizing data received from the Customers to develop new products and services, advancing after-sale services, proposing solutions, and otherwise, we will work with the Customers to solve their issues. In addition, looking ahead to future construction and mining sites, we will continuously develop and provide innovative technologies, products and services that will bring new value to the Customers.
