Nagase (Malaysia) Sdn. Bhd. (“NAGASE” or “we”) appreciates your visit to our website (our “Website”) and your interest in NAGASE, NAGASE Group, our services, and products. “NAGASE Group” means subsidiaries and affiliates of NAGASE set out in “NAGASE Group” section on the Website of Nagase & Co., Ltd (https://www.nagase.co.jp/english/company/group/).

NAGASE takes its responsibilities under applicable privacy laws and regulations seriously and respect the rights of the user that using our webpage. The user herein refers to an individual and/or company who submitting or providing their personal data to NAGASE (“you” or “your”). NAGASE recognises the importance of the personal data. The proper management and protection of your personal data shall be complied with applicable laws.

This Personal Data Protection Policy (this “Privacy Policy”) aims to give you (“you”, “Business Partners”, or “data subject” (including those who may become business partners, and including their officers and employees)) data on how NAGASE collects and processes your Personal Data (defined below) collected through our Website/s and/or offline activities and communications in the course of our business operations.

This Privacy Policy may be updated from time to time. We therefore ask you to check it periodically for updates. The top of the page indicates when this Privacy Policy was last updated.

This Privacy Policy applies to the personal data obtained by NAGASE. This Privacy Policy does NOT apply to data collected by any other third party, including through any application or content that may link to or be accessible from or on our Website/s (if any).

This Privacy Policy is subject to any additional terms of disclaimers or other contractual terms you have entered into with NAGASE such as client privacy statements or notices, and any applicable laws, regulations, and guidelines on the protection of Personal Data. Please be aware that for certain services, NAGASE may provide you with privacy statements in addition to, or in place of, this Privacy Policy, as appropriate.

In this Privacy Policy, the following terms have the following meanings: “Personal Data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Process” or “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Under this Privacy Policy, you acknowledge that your Personal Data are collected by us with your consent or as allowed by applicable law to meet the legal requirement. We may process different kinds of Personal Data about you which we have grouped together as follows:

4.1. Identity Data includes name, national registration identity card number, passport details, pictures, country, company, company structure, position, designation, employer number, user account data, date of birth and gender.

4.2. Contact Data includes, email address, telephone numbers, office location address, billing address, emergency contact, delivery address.

4.3. Financial Data includes bank account, payment details and payment card details.

4.4. Technical Data includes internet protocol (IP) address, date and time of your access, time zone setting and location, browser type and version, your device identifies, your internet or wireless service provider and other technology on the devices you use to access this Website.

4.5. Health Data includes the any health information that would be generated by NAGASE’s service and/or products in connection with Landauer, and the analysis information that would be generated by NAGASE’s service and/or product in connection with Landauer.

We use different methods to collect Personal Data from and about you including through:

5.1. Direct interactions. You may give us your identity, Contact and Financial Data by exchanging business card, sending emails or filling in forms or otherwise.

5.2. Automated technologies or interactions. As you interact with our Website, we (and service providers acting on our behalf) will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this Technical Data by using Cookies, web beacons or other similar tools. Web browsers are usually set by default to accept Cookies (including web beacons) but you may easily change this by modifying the settings of your browser. However, please note that should you choose to disable Cookies, you may be unable to use part of the functions of this Website.

5.3. If you do not agree to the use of Cookies, please select "Reject all Cookies" on our Cookie banner. However, essential Cookies cannot be rejected. You may change your consent/rejection selection at any time on the Cookie Settings page below.

6.1. The Personal Data collected by us from you would be stored within NAGASE’s internal computer systems and servers generally. In certain circumstances, we would use the online platform that known as “Salesforce”, a third-party customer relationship management (CRM) platform, for business and sales operations. When Salesforce is being used, the data are stored on Salesforce’s secure servers, which are located in data centres operated and maintained by Salesforce, Inc. in accordance with international data protection and security standards.

6.2. Salesforce provides a controlled access ability where only our authorised personnel such as members of the sales team or other designated employees who may log in via https://login.salesforce.com

6.3. To create and manage opportunities and related business data. All data entered into Salesforce are automatically stored within Salesforce’s system and are accessible only to users with proper login credentials and access rights as assigned by our internal data administrator.

6.4. Salesforce would also act as a data processor on behalf of us and is contractually bound to ensure that all personal data are processed in compliance with the applicable rules, and Salesforce’s Data processing addendum and security and privacy standards.

6.5. For the services and products that in connection with Landauer, your data archiving and retention are carried out in accordance with applicable laws.

6.6. For Websites, we adhere to the overarching principles of the Nagase Group Code of Conduct, which govern the management, retention, and ethical handling of all corporate and personal data accessible through the company’s online platforms.

6.7. For the services and products that in connection with Landauer, all archiving activities are authorised and overseen by the relevant laboratory personnel only, such personnel are responsible for ensuring that data archiving complies with applicable ISO and ATOM retention requirements. For the Website/s, the rights to approve and oversee data archiving rests with the personnel that with division head level and above only.

7.1. The purposes for which we use Cookies on our Website are as follows:

(1) to perform statistical analysis to understand how our Business Partners use our Website and to help us improve the structure and content of our Website;

(2) to analyse or compile statistics of the collected information and provide better products and services by bringing our products and services closer to the interests and needs of our Business Partners; and

(3) to analyse or compile statistics of the collected information and provide information on our products and services to our Business Partners and to conduct sales promotion activities.

7.2. The following tools are mainly used on our Website for the above purposes, and information may be provided to the tool providers.

7.3.Google Analytics Tool provider: Google Inc.

Google Privacy Policy: http://www.google.com/intl/ja/policies/privacy/partners/ Information collected through the tool: Information about website usage by our Business Partners (access status, traffic, routing, etc.)

7.4. Marketing Cloud Account Engagement Tool provider: salesforce.com, inc. Salesforce Privacy Policy: https://www.salesforce.com/jp/company/privacy/full_privacy/ Information collected through the tool: [Information about website usage by our Business Partners (access status, traffic, routing, etc.)]

7.5. Marketo EngageTool provider: Adobe Adobe Experience Cloud Privacy Policy: https://www.adobe.com/jp/privacy/experience-cloud.html Information collected through the tool: [Information about website usage by our Business Partners (access status, traffic, routing, etc.)]

7.6. Kairos3 Tool provider: Kairos Marketing Inc. Kairos Marketing Privacy Policy: https://www.kairosmarketing.net/corporate/personal-information Information collected through the tool: [Information about website usage by our Business Partners (access status, traffic, routing, etc.)]

7.7. List Finder Tool provider: Innovation X Solutions Innovation X Solutions Privacy Policy: https://faq.list-finder.jp/faq/1079 Information collected through the tool: [Information about website usage by our Business Partners (access status, traffic, routing, etc.)]

7.8. We do not collect following data from you:

• race, creed, social status, medical history, criminal record, record as a criminal victim
• physical handicap, intellectual handicap, mental disorder
• results of medical examination and other examination
• health guidance, medical treatment / dispensing information
• proceedings concerning criminal cases such as arrest and search, having the data subject as the suspect or the accused
• proceedings concerning protection cases of juveniles such as protective dispositions, having the data subject as a juvenile delinquent person or a person suspected to be a juvenile delinquent

We use different methods to collect Personal Data from and about you including through NAGASE (for its address and representative, please see https://www.nagase.co.jp/english/company/profile/) is responsible for the management of Personal Data shared among NAGASE Group. Below are the scenarios that we might collect your data from you directly: -

8.1. complete the online form that available on our Website/s (such as your name, company name, email, telephone number, contact information, inquiries information and other personal information that we needed);

8.2. your provision of information for our assessment to your needs of provision of goods and/or services as customer and/or supplier (such as background check results);

8.3. provide information to assess your suitability to be our customer (such as the name and contact information of the authorized representative);

8.4. interact with our staff face to face for further discussion (such as business card exchanging);

8.5. fill up designated information by request (such as your age, gender, marital status and etc);

8.6. contact us through our various platforms that available online.

In order to request disclosure of your Personal Data shared among NAGASE Group, or to make inquiries or complaints regarding the use of such information, please contact us in accordance with “How to Contact Us” below.

We may also disclose your Personal Data:

• To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
• To protect life, body, or property, and when it is difficult to obtain consent of the data subject.
• To enhance public hygiene or promote sound upbringing of children, and when it is difficult to obtain a consent of the data subject.

We will process your Personal Data when the applicable law allows us to. Most commonly, we will process your Personal Data in the following circumstances, to the extent permitted by the applicable law:

• Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal obligation.
• Where we need to perform the contract/s we are about to enter into or have entered into with you.
• Where applicable data protection laws require us to obtain your consent to such Processing of your Personal Data, we will ask for your consent. By purchasing our certain service, you need to fill in the customer registration form that designated by us. It would be kept by our personnel that with the need-to-know basis only. If you wish to withdraw your consent to Process your Personal Data, please contact us as set forth in the “How to Contact Us” section.

We use your Personal Data on the lawful basis above for the following purposes:

• For our internal staff administration, assessment and storage.
• For general customer administration such as account holding and recording.
• Notify and greet based on social customs.
• Provide you with information, products or services, whether online or offline.
• Enter into contracts with you and perform our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
• Fulfil customer inquiries and respond to any problems that may arise, such as difficulties in navigating our Website or accessing certain features.
• Send samples, price quotations, products, and information.
• Develop new products and services.
• Send you newsletters, features, promotional material, surveys, and other updates.
• Analyse your interests based on your browsing history or buying history on our Website/s.
• Send you emails and/or postal messages with information about the brand and other content of NAGASE Group we think may be of interest to you.
• Develop and provide advertising tailored to your interests, including interest-based advertising.
• Personalize your experience on our Website/s by presenting products and information tailored to you.
• Evaluate and administer products and services of NAGASE Group.
• Gauge our customers' trends to determine what products and services are popular with our customers.
• Provide information relating to NAGASE Group’s business activities and for exchange of such information.
• Provide services relating to or connected to services other than those described above.
• Share your Personal Data among NAGASE Group internationally or locally for the purposes listed above or for administrative purposes inside NAGASE Group.
• Provision of processing services to you with or without making decision that affect you, for the purpose of uniquely identifying the health status of you.

11.1. Your Personal Data may be transferred cross-departmentally within NAGASE Group of Company as necessary to facilitate legitimate business functions and to ensure efficient handling of customer or business enquiries whether online or offline. We as a distributor in business, your collected Personal Data may also be transferred to third parties, including upstream suppliers, manufacturer, where such disclosure is necessary to perform contractual obligations, fulfil customer requests, or support operational processes. All such transfers are performed under strict confidentiality obligations and in compliance with the applicable laws. For the case in connection with Landauer, your Personal Data may, however, be transferred to ATOM, the relevant local authority, where such disclosure is required for regulatory, compliance, or operational purposes.

11.2. Generally, your Personal Data may be disclosed or transferred within Malaysia internally, where necessary, to other countries in connection with sourcing, supplier management, and legitimate business operations. Such transfers may include, but are not limited to, the following regions and countries such as China, Taiwan, Republic of Korea, European Union, United States of America, Southeast Asian countries etc. We would use our effort to ensure that adequate safeguards and contractual protections are in place to protect the integrity and confidentiality of all transferred data.

11.3. Prior to transferring any Personal Data to a foreign country or to a third party outside Malaysia, the relevant personnel shall conduct Transfer Impact Assessment (TIA) and/or any similar assessment to evaluate the potential impact of such transfer on the protection of Personal Data. The assessment shall consider

• The legal framework and data protection laws of the recipient country;
• The nature and sensitivity of the Personal Data involved;
• The obtain the written consent of you;
• The purpose of the transfer and its necessity;
• The security measures implemented by the data importer.

12.1. We may disclose certain categories of your Personal Data as may be necessary for the purposes stated above when the applicable laws. Where personal data collected by us would be shared with authorised external service providers, suppliers, manufacturer or business partners for the purpose of managing enquiries, processing transactions, or supporting legitimate business operations. For the services and products that applicable to the Landauer, where periodic submissions or reports shall be made in compliance with regulatory of the applicable laws.

12.2. Generally, we use the Salesforce platform for business operations. In this context, we secure server infrastructure to store and manage personal and business data input by us. Such information shall be shared internally within the Nagase Group only among authorised personnel who have been granted appropriate access rights within the Salesforce system. This internal data sharing does not include Nagase Group entities located in China and the United States, as these regions are expressly excluded from the current data access scope.

12.3. The Personal Data disclosures to third parties or business partners are subject to formal data sharing agreements or equivalent contractual arrangements. Where such agreements are not yet in place, we would ensure that the relevant person-in-charge obtains the necessary data sharing agreement or written undertaking from the receiving party prior to any regular or ongoing exchange of personal data. As for the Landauer’s services and/or products, the regular disclosure of Personal Data to ATOM (Local Authority) is governed by ATOM’s own data protection laws and data sharing regulations, which establish the legal framework and security obligations applicable to all personal data transfers. We adhere these statutory provisions when sharing data with ATOM and ensures that all disclosures are limited to what is necessary and permitted under law.

12.4. By submitting the information to the Website/s, you shall need to click to agree with this Privacy Policy to ensure that you are clearly informed of potential disclosures of your personal data to authorised third parties, such as suppliers or service providers. For Landauer’s products and services, we would provide you customer registration forms, informing individuals that their personal data may be shared with ATOM (Local Authority) and other authorised parties as required by applicable regulations.

12.5. In the event of successfully dealing, a written notification would be provided by us to you to ensure that you are informed in advance of possible disclosures made under lawful or regulatory circumstances, in compliance with the applicable laws.

13.1. Withdrawing Consent
You may withdraw your consent for the collection, use and/or disclosure and/or request deletion of your personal data in our possession or under our control by sending an email to us. We will process such requests in accordance with this Privacy Policy.

13.2. Requesting Access to or Correction of Personal Data
You may request to correct your personal data currently in our possession or control by submitting a written request to us. We will need enough information from you in order to ascertain your identity as well as the nature of your request so as to be able to deal with your request.

14.1. In general, all the collected Personal Data shall be retained only for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, accounting, or regulatory requirements. Upon expiry of the applicable retention periods, such data shall be securely deleted, anonymised, or destroyed to prevent unauthorised access or use.

14.2. As for the Landauer products and services, personal information is being retained in accordance with applicable ISO standards and ATOM archiving policies.

15.1. The responsibility for reviewing and maintaining Personal Data to ensure its relevance, accuracy, and currency lies with our personnels within the term that designated by us solely. They shall obligate to verify Personal Data collected, stored, and processed within our system under this Privacy Policy.

16.1. We maintain combination of physical, administrative, and technological security measures to protect all information, including personal data, from unauthorised access, alteration, disclosure, or destruction.

16.2. All servers and core IT equipment are kept in restricted access working areas, protected by keycard or password entry systems and monitored by CCTV. Only authorised IT Division personnel are permitted to access the server rooms or network control areas. Any outsiders access to secure zones is recorded and supervised at all times.

16.3. Personal Data’s handling shall strictly subject to the Nagase Group Code of Conduct and internal IT policies. Our personnel are required to comply with confidentiality obligations and sign non-disclosure or data protection undertakings where relevant. Access rights to data systems are granted on a need-to-know basis and reviewed periodically by authorized person only.

17.1. In accordance with our internal Cyber Security Policy, affected individuals shall be notified if a breach involving your Personal Data with the risks of significant harm. The notification will be issued after verification of the incident and will include information on the nature of the breach, potential impacts, and recommended protective measures. We adhere fully to our internal policy for detection, reporting, and notification of data breaches.

18.1. We may transfer your Personal Data overseas. When we transfer Personal Data overseas, we have put in place appropriate safeguards, such as contractual commitments (using the format required under applicable data protection law, if any), in accordance with applicable legal requirements to ensure that your Personal Data is adequately protected.

If you exercise your rights that are referred to in this Privacy Policy or you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us from our Website/s titled “Inquiries”.

Alternatively, you can contact us in writing at: Nagase (Malaysia) Sdn. Bhd. Level 11, Menara Southpoint, Medan Syed Putra Selatan, 59200 Kuala Lumpur/
Email: enquiry@nagase.com.my