Data protection and privacy policy

This Data protection and privacy policy covers the PANASONIC Global Compliance Hotline EARS ( “EARS” or “this service”) set up to enable the reporting of suspected compliance violations.

In line with the requirements of data privacy protection regulations of some countries, this Notice sets out how personal data is processed, for which purposed, how long we hold the personal data, how to access the personal data and where to go for further information. This includes personal data relating to you when you submit a report, as well as personal data about those individuals against whom an allegation has been made or those who have been identified as having information about the allegation.

You are being asked to read and accept the terms contained below. If you do not wish to accept the terms below, we are unable to accept any information through EARS and suggest you report this matter directly to your supervisor or manager or to a representative of the Human Resources, Legal & Compliance Departments, relevant functional teams in your company, or to the Compliance team in the Panasonic subsidiary which is in charge of your region (PEX Overseas) (see Section 2 and 8 below), depending on the nature of the possible violation.

General

The PANASONIC Global Compliance Hotline EARS is a web and phone-based intake system for Panasonic Holdings Corporation and its subsidiaries (jointly referred to as "Panasonic") provided by Panasonic Operational Excellence Co. Ltd. , 1006, Kadoma, Kadoma-shi, Osaka 571-8501, Japan (“PEX”) to employees, directors/officers, vendors, suppliers and business partners of the Panasonic group (“Reporters”) for reporting suspected violations of laws or regulations, Panasonic Group Code of Ethics & Compliance or company policies. EARS is operated by a third party provider, NAVEX, through its EthicsPoint service.

Use of the PANASONIC Global Compliance Hotline

  • Is it mandatory to report through the Hotline “EARS”?

Use of EARS is entirely voluntary.

You are encouraged to report possible violations directly to your supervisor or manager, or to a representative of the Human Resources, Legal & Compliance Departments, relevant functional teams, or other local channels, depending on the nature of the possible violation. You can also report to the Compliance team in the Panasonic subsidiary which is in charge of a specific country or region (“PEX Overseas") or to the responsible employees in the Panasonic Operating Company who is responsible to control and manage your employing company. Please see information made available to employees through regional or local Intranets or similar as well under Section 8 below.

You can also use this service to make your report.

  • What can you report through EARS?

This service is a confidential reporting system that allows you to report suspected violations of law or company policies, as well as other concerns you may have, to Panasonic.

In certain countries, applicable legislation only allows Panasonic to accept reports through EARS that relate to certain matters, such as financial, accounting, auditing, bribery, competition law, discrimination and harassment, environment, health, hygiene, and safety matters and other suspected serious misconduct. Purely private matters should not be reported through EARS.

Once you have chosen your region and country, you will be given a list of matters which can be reported. If your concern pertains to a matter that under local law, may not be accepted by Panasonic through EARS, you will need to contact any of the other channels for reporting available to you as described above and also in Section 8 below.

Please be aware that the information you supply about yourself, your colleagues, or any aspect of the company’s operations may result in decisions that affect others. Therefore, we ask that you only provide information that you believe is true. You will not be subject to retaliation from PANASONIC for any report of a suspected violation that is made in good faith, even if it later turns out to be factually incorrect. Please be aware, however, that knowingly providing false or misleading information will not be tolerated.

  • Who can be reported through EARS?

EARS can be used to report all issues connected with work at the Panasonic Group as relates to all employees, directors/officers, vendors, suppliers and business partners of the Panasonic Group.

In some countries the categories of persons who can be reported may be limited to persons in key positions or managerial roles in a company. Should this be the case, you will need to contact any of the other channels for reporting available to you as described above and also in Section 8 below.

What personal data and information is collected and processed?

EARS captures the following personal data and information that you provide when you make a report:

  1. your name and contact details (unless you report anonymously) and whether you are employed by Panasonic;
  2. the name and other personal data of the persons you name in your report if you provide such information (i.e.: description of functions and contact details);
  3. a description of the alleged misconduct as well as a description of the circumstances of the incident; and
  4. your location of and the location where the alleged misconduct took place so that any applicable local laws can be applied in gathering information and undertaking any investigation.

We encourage you to identify yourself in order for us to follow up with questions we may have, but anonymous reports will be accepted (unless not possible under local law). The information you submit will be treated confidentially except in cases where this is not possible because of legal requirements or in order to conduct an investigation, in which case the information will be handled sensitively.

Unless this is strictly required in order to make a report, please do not share any sensitive personal data through EARS, such as data regarding racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Who is responsible for any personal data collected?

PEX, PEX Overseas in your region, along with your employing company, either solely or jointly with other companies within the Panasonic Group, are responsible for the personal data collected. For EU, EEA, UK and Servia, the Group Companies operate the Whistleblower System as joint controllers in accordance with Art. 26 EU General Data Protection Regulation (GDPR).

Further information can be obtained from the relevant contact in your region, see Section 8 below, or region-specific information about EARS made available to employees through regional or local Intranets or similar.

How will the personal data and information be processed after your report?

Panasonic will process the above personal data for the purposes of ensuring compliance with applicable legislation and internal policies, managing Panasonic’s own defense in case of legal claims and ensuring the well-being of personnel of the Panasonic group. This data will be processed on the basis of our need to compliance with our legal obligations, including an obligation to maintain Whistleblower Hotlines, and our legitimate interest to investigate reports of alleged misconduct and infringements of laws and internal policies to enable Panasonic to pursue the above purposes as well as to comply with any legal obligation to which Panasonic is subject.

For the purpose of processing and investigating your report and subject to the provisions of local law, the personal data and information you provide may be accessed, processed and used on a need to know basis by the relevant personnel of Panasonic, including Human Resources, Finance, Internal Audit, Legal & Compliance, management, external advisors (e.g. legal advisors. Those individuals may be located in the United States, the United Kingdom, Europe or elsewhere. If you are based in Europe, except if you belong to the Panasonic Avionics Group, information will only be shared with individuals located within Europe and Japan. If you are based in the Commonwealth of Independent States (CIS), information will only be shared within individuals located within Europe, CIS and Japan. In addition, information may be processed in limited circumstances by technical staff at NAVEX for administrative services and, for the purpose of translation, by translators/interpreters at NAVEX, its subsidiaries, including at NAVEX’s call center in Portugal, or subcontractors. Those individuals may be located in the United States, the United Kingdom, in the EU/EEA or elsewhere.

The personal data and information you provide in the report will be stored in a database which is located on servers hosted in Germany and Netherlands and operated by GCS Compliance Services Europe Unlimited Company trading as NAVEX, an Irish company with principal place of business in United Kingdom, a subsidiary of NAVEX. NAVEX has entered into contractual commitments with PEX to secure the information you provide in accordance with applicable law. NAVEX is committed to maintaining stringent privacy and security practices including those related to notice, choice, onward transfer, security, data integrity, access, and enforcement. All subcontractors used by NAVEX to provide the Hotline have to be pre-approved by PEX and NAVEX must impose equally stringent privacy and security measures on its subcontractors.

Personal data and information you provide may also be disclosed to the police and/or other enforcement or regulatory authorities in accordance with applicable law. The relevant bodies that receive and process personal data can be located in the US or in another country that may not provide the level of data protection available in the EU.

Where we transfer your personal data outside the country in which you are based, we will ensure that suitable safeguards are put in place to ensure that the recipients provide an adequate level of protection to your personal data in accordance with applicable law.

You may request additional information in this respect and obtain a copy of the relevant safeguards in place through sending a request to the relevant contact for your region, see section 8 below.

The personal data you provide will be kept as long as necessary to process your report, or, if applicable, as long as necessary to initiate sanctions, until the reported offences (if any) are time-barred or to meet our legal, judicial or financial needs.

Can anybody else access my report?

Your report will be kept confidential and only shared as necessary for proper follow-up of your report or to comply with local laws.

In some regions, Panasonic may have a legal obligation to notify any person who is the subject of a report to EARS, except where notice needs to be delayed to ensure the integrity of the investigation and preservation of relevant information.

With some exceptions, the subject of the report may, also in some regions, access information concerning the report and request correction of personal data that is inaccurate or incomplete in accordance with applicable law. If the subject of the report is given access in accordance with applicable law, Panasonic will not disclose your identity (if you have provided) unless required by local law.

Panasonic will not tolerate retaliation by any Panasonic employee against persons who makes a report of a suspected violation in good faith. Employees attempting retaliation will be subject to disciplinary action up to and including dismissal.

What are your rights under data protection legislation?

Similarly, with some exceptions, reporters may also access information about the report and request corrections of their personal data subject to the conditions and limitations set out in the applicable law.

Further information can be obtained from the relevant contact for your region, see section 8 below.

If you are based in Europe, your rights under the General Data Protection regulation (“GDPR”) or other applicable data protection legislation include the right to access your personal data and obtain a copy thereof, the right to request the correction or update of any inaccurate personal data and the right to object to or restrict the processing of your personal data under the conditions set out in the GDPR. You also have the right to request the erasure of your personal data under certain conditions. In addition, you also have the right to data portability in certain cases. This is the right to request the return of the personal data you have provided to us in a structured, commonly used and machine-readable format and to request its transmission to a third party, where technically feasible, without hindrance from us and subject to your own confidentiality obligations.

If you wish to exercise any of the above rights, you may contact Panasonic at:

compliance.panasoniceurope@eu.panasonic.com.

You can also contact the Panasonic entity you are or were employed with or are doing business with.

We will respond to your request without undue delay and no later than one month from receipt of any such request, unless a longer period is permitted under the applicable data protection laws.

In addition to your rights outlined above, you may raise issues with your local data protection officer (if any) if you are not satisfied with how we process your Personal Data. Please refer to the privacy notice for your company for details of the local data protection officer (if there is one) and also for the details of your local data privacy authority. Alternatively, we will provide you with the contact details, where applicable, immediately upon request by contacting Panasonic Europe Compliance Team:

compliance.panasoniceurope@eu.panasonic.com.

You may also file a complaint with the competent supervisory authority:

Further information can be obtained from the relevant contact for your region, see section 8 below.

Who can I contact for further information?

You may contact below with any questions relating to this Notice or this service as follows:

Global contact

Compliance Operation Department, Panasonic Operational Excellence Co. Ltd.

e-mail: kigyorinri@ml.jp.panasonic.com

Europe and CIS region:

Panasonic Europe BV, Eurocenter II - Barbara Strozzilaan 384, 11th Floor - 1083 HN. Amsterdam (Netherlands)

Panasonic Europe Compliance Team:

e-mail: Compliance.PanasonicEurope@eu.panasonic.com.

< Items to be disclosed based on Act on the Protection of Personal Information in Japan >

In accordance with Act on the Protection of Personal Information in Japan, the following items are disclosed. Panasonic Operational Excellence Company (PEX) may, jointly with specific parties, utilise the personal information of the reporter and those of any person related to a report in accordance with the following conditions.

  1. Scope of the joint users The Panasonic Group (Panasonic Holdings Corporation and its subsidiaries)
  2. Purpose of joint use of parties Review and investigation of the report
  3. Items of personal information used jointly The reporter’s name, telephone number, etc., personal information contained in the report, and other personal information necessary to achieve (ii) above
  4. The name of the individuals or business operators for the control of personal information to be used jointly 1006 Oaza Kadoma, Kadoma-city, Osaka, Japan Panasonic Operational Excellence Co. Ltd. Representative: Mototsugu Sato

I have read this Notice and understand that by submitting a Report, I also consent to the processing of my personal information as described in this Notice.