Personal Data Protection Policy (For Residents of Europe)
For those who live in countries within the European Economic Area (Countries that make up European Union, Iceland, Liechtenstein, Norway) (hereinafter, “Provider”),
The following terms in Personal Data Protection Policy (hereinafter, “the Policy”) have the meanings as defined below; provided, however, that the terms in Article 4 of General Data Protection Regulation (hereinafter, “GDPR”) shall apply when these terms are not defined in the Policy.
- “Personal Data” means any information relating to an identified or identifiable natural person (hereinafter, “Data Subject”);
- “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means;
- “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
2. Purpose of Use
Provider’s Personal Data the Company obtains is used for the purposes defined in the Company’s “Handling of Personal Information”, and treated lawfully, fairly and in a transparent manner. Also, Personal Data is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. When the Company treats Provider’s Personal Data for the purposes other than the foregoing purposes, it will notify them of these purposes and other necessary matters in laws in advance, and it will obtain their consents.
3. Withdrawal of consent
Provider has the right to withdraw his or her consents at any time. The withdrawal of consents shall not affect the lawfulness of processing based on consent before its withdrawal.
4. Data Protection
The Company evaluates overall risk of infringements of Personal Data in consideration of the types of Personal Data, sensitivity, and the degree to which damages affect Provider economically and mentally when Personal Data is infringed illegally to prevent leakage, theft, destruction, improper access, and improper alteration. The Company implements manual, organizational and technical safety measures which are necessary and proper in accordance with the risks of infringing Personal Data, and it strives to protect Personal Data by inspecting these safety measures, sets corrective process when needed.
5. Appropriate Management Information
The Company strives to keep Personal Data updated and if it finds inaccurate Personal Data it will correct Personal Data without delay.
6. Storage Limitation
Provider’s Personal Data is not kept in a manner that Personal Data is identifiable no longer than is necessary for the purposes for which Personal Data is processed.
7. Personal Data Transfer to Third Countries
Personal Data will be transferred to Japan and stored on the server in Japan. While the European Commission has not decided that Japan ensures an adequate level of protection, the Company will store Provider’s Personal Data in an appropriate manner.
8. Rights of access, correction, delete, and limitation of data processing
Provider can request access to his or her own Personal Data, correction and delete of inaccurate Personal Data, and limitation of data processing during assessment of accuracy of Personal Data. Contact regarding handling of Personal Data is the same as the one described in “Handling of Personal Information”. If Provider expresses objection to the Company’s handling of Personal Data, Provider has the right to object to supervisory authorities in European Economic Area. Although the Company shall respond to requests from Provider within one month, this term can be extended to 2 months at most.
9. Data Portability
The Company assures that Provider have the right to receive their Personal Data in a structured, commonly used and machine-readable format and have the right to transmit it to another controller.