Last Updated: October 1, 2020
1. About this notice
Nissha Co., Ltd. and its subsidiaries which introduce a group customer relationship management system (“we”, “us” and “our”) will process your personal data in compliance with every applicable law and any laws that replace them in the future. In this notice, we provide information based on such laws related to processing your personal data. This notice sets out the basis on which any personal data that you provide to us, or that we obtain about you from other sources, will be processed by us. Please take the time to read and understand this notice.
Some personal data may be subject to other privacy policies issued by us. In such cases, this notice shall supersede such other privacy policies to the extent that the clauses set forth in such privacy policies contradict the clauses set forth in this notice.
2. Information about us
For the purpose of data protection law, the following parties of Nissha Group are data controllers in respect of your personal data. And we are committed to respecting your privacy.
For the purpose of data protection laws, these companies are joint controllers in respect of your personal data. This means that we are all responsible to you for processing your personal data. We have put in place an arrangement clarifying our respective tasks, duties and responsibilities to comply with data protection laws. If you wish to know more about this arrangement, please contact us using the contact information indicated below in Section 12.
In this notice:
your“personal data” means any information relating to an identified or identifiable natural person (“data subject”).;
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing of personal data;
“joint controllers” are two or more controllers jointly determining the purposes and means of processing.
4. How we collect your personal data and what personal data we collect
We will collect the following personal data about you (collected through communications including: writings, face-to-face discussion, business cards, phone calls, e-mails, or otherwise). Such information generally includes your name, company name, department, office address, office e-mail address, details of inquiries and response, and whether you wish to receive direct mail from us.
In some circumstances, we may be provided such personal data relating to you by the organization you represent or the organization that otherwise employs or engages you (“Business Partners”).
There may be circumstances where the provision of business services to us results in us collecting other types of personal data from you, or us being provided other types of personal data about you from Business Partners. If so, then we will protect such personal data to the same high standards explained in this notice and take any additional steps necessary to ensure we process such personal data in accordance with applicable laws.
When you visit our websites, we may automatically collect, store and use technical information about your equipment and interaction with our website. This information is sent from your computer to us using a variety of cookies.
5. Legal bases and purpose of processing personal data
We will process your personal data on the following legal bases.
Contract. This is where we need to process your personal data to perform the contract we enter into with you.
Legal Obligation. This is where we need to comply with a legal obligation.
Legitimate Interests. This is where the processing of your personal data is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests.
Consent. This is where you have given consent for us to process your personal data. However, even if we obtain consent from you, we may process your personal data based on other legal grounds. The withdrawal of your consent (please see Section 10(g) of this notice below) shall not affect the lawfulness of processing performed based on the consent before your withdrawal.
We use the personal data that we hold about you for the following purposes. We will only use your personal data to the extent that it is necessary to do so to fulfil the purposes described below.
Communicating with you, including responding to your questions, inquiries or messages (based on contract or legitimate interest)
Analyzing data obtained on the website (based on consent)
Sending you direct mails regarding our business sevices (based on consent)
Operating the customer relationship management system (legitimate interest)
To comply with laws and regulations applicable to us (based on legal obligation);
To cooperate with relevant governmental authorities and agencies, including competent data protection authorities and those that are engaged in administrative or criminal investigations (based on legal obligation or legitimate interests).
We do not process your “sensitive data” (information about your race, ethnic origin, religion, physical or mental health, political opinions, sexual life, any actual or alleged criminal offences, and genetic and biometric data).
6. Disclosure of personal data to recipients
We may share your personal data with recipients in the situations described below:
Internal Use for us: Employees of us who are authorized and need to access these data.
Service Providers: We share your personal data with third-party service providers who perform services, such as providing data servers.
Legal Process and Safety: We may disclose your personal data to legal or government regulatory authorities as required by applicable law. We may also disclose your personal data to third parties as required by applicable law in connection with claims, disputes or litigation, when otherwise required by applicable law, or if we determine its disclosure is necessary to protect the health and safety of you or others, or to enforce our legal rights or contractual commitments that you have made.
Business Transfers: Your personal data may be disclosed as part of a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets, and could be transferred to a third party as one of the business assets in such a transaction. It may also be disclosed in the event of insolvency, bankruptcy or receivership.
7. Data Sharing under Japanese Law
In accordance with Japanese law, we may share personal information among us and our affiliates in the framework of data sharing under the Act on Protection of Personal Information, the details of which are specified as follows.
|Entity With Which Personal Information Is Shared||Nissha Co., Ltd and its subsidiaries which introduce a group customer relationship management system.
The current participants are as follows;
|Purpose of Sharing||
(a) Sending you direct mails regarding our business sevices
|Personal Information To Be Shared||your name, company name, department, office address, office e-mail address, details of inquiries and response, and whether you wish to receive direct mail from us|
|Party Responsible for Management of Personal Information||Each entity is responsible for the management of personal information which it collects from the data subject.|
8. Transfers of personal data outside the European Economic Area
The personal data that we hold about you may be transferred to, and stored by, a third party outside the EEA. Where we transfer your personal data outside the EEA, we will ensure that:
the recipient destination has been subject to a finding from the European Commission that it ensures an adequate level of protection for the rights and freedoms that you possess in respect of your personal data; or
the recipient enters into standard data protection clauses with us that have been approved by the European Commission.
You can obtain more details of the protection given to your personal data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us in accordance with the information indicated in Section 12.
9. Storage limit of personal data
We will retain the personal data that we collect about you as long as it is necessary for the purposes set out in this notice, but at the longest for 6 years after your last contact with us, unless a longer period is demanded by applicable laws.
10. Your rights
You have a number of legal rights in relation to the personal data that we hold about you. These rights may vary depending on where you are located and which data protection laws will apply to the relationship between you and us, but would typically include:
the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
the right to request that we rectify your personal data if it is inaccurate or incomplete;
the right to request that we erase your personal data in certain circumstances. This may include (but is not limited to) circumstances in which:
it is no longer necessary for us to retain your personal data for the purposes for which we collected it;
we are only entitled to process your personal data with your consent, and you withdraw your consent; or
you object to our processing of your personal data for our legitimate interests, and our legitimate interests do not override your own interests, rights and freedoms;
the right to request that we restrict our processing of your personal data in certain circumstances. This may include (but is not limited to) circumstances in which:
you dispute the accuracy of your personal data (but only for the period of time necessary for us to verify its accuracy);
we no longer need to use the personal data except for the establishment, exercise or defence of legal claims; or
you object to our processing your personal data for our legitimate interests (but only for the period of time necessary for us to assess whether our legitimate interests override your own interests, rights and freedoms);
the right to object to us about our processing of your personal data.
the right to receive any personal data which we process about you on the basis of your consent or on a contract (as opposed to any other legal ground) and where the processing is carried out by automated means in a structured, commonly used and machine-readable format and/or request that we transmit that data to a recipient where this is technically feasible. Please note that this right only applies to personal data which you have provided to us;
the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we can rely on another legal ground for doing so.
You can exercise your rights by contacting us using the information about us indicated below in Section 12. You can also lodge a complaint with the data protection regulator if you think that any of your rights have been infringed by us.
11. Changes to This Privacy Notice
We may modify this notice from time to time and will post the updated notice with a “Last Updated” effective date of the revisions. We recommend that you review this notice periodically. If we make a material change to this notice, you will be provided with appropriate notice such as it being posted on a website.
Questions, comments and requests regarding this notice are welcome. Please contact us using the information about us below.
Nissha Co., Ltd.
Business Strategy Marketing
Product & Business Development Office
Address: 3 Mibu Hanai-cho, Nakagyo-ku, Kyoto 604-8551, Japan
E-mail Address : firstname.lastname@example.org