Personal Data to Be Collected
The scope of Access Logs that will be collected on the website and used by the Company is as follows.
Access Logs. The Company and third parties collect Access Logs, including types and versions of browsers used, operating system used, referrer URLs, referrers (the link source URL used at the time of reference), hostnames of the accessing computers or other devices, times of the server inquiry, and the IP addresses, on the Company’s website.
Purpose of Using Your Personal Data
The Company will use your personal data for the following purposes:
- Improving user experience on the Company’s websites and services;
- Analytics of the Company’s websites;
- Compiling statistics about the usage of the Company’s websites or services;
- and Other activities related to the above.
Lawful Basis for Processing
The Company will process your personal data only when the law allows the Company to do so. The Company will process your personal data on the following bases.
Legitimate interests. This is where processing of your data is necessary for a legitimate interest pursued by the Company or a third party, and your interests and fundamental rights do not override those interests.
Sharing and Cross-Border Transfer of Personal Data with Third Parties
The following third parties may have access to the personal data collected by the Company.
The Company’s Affiliated Companies. The Company’s affiliated companies acquire and use your Access Logs to collect information such as the numbers of visitors to the Company’s websites, where visitors have come to the websites from, and the pages they have visited.
AWS (Amazon Web Services, Inc.). Your Access Logs may be retained on AWS’s cloud service. However, such information is encrypted, and AWS cannot use the information. In addition, your Access Logs may be transferred to areas outside of the EEA through AWS’s cloud service. The Company puts in place safeguards necessary for such cross-border transfers (including standard contractual clauses (SCC)).
Retention Period for Your Personal Data
Unless a longer retention period is required by laws, the Company will retain your personal data as long as it is needed for achievement of the purpose of use above.
Rights to Control Your Personal Data
- (a) Right to access, rectification, erasure, restriction
Regarding the processing of personal data, you have the following rights:
- Request from the Company access to your personal data pursuant to Art. 15 of the GDPR
- Request from the Company rectification of your personal data pursuant to Art. 16 of the GDPR
- Request from the Company erasure of your personal data pursuant to Art. 17 of the GDPR
- Request from the Company restriction of processing pursuant to Art. 18 of the GDPR
- (b) Right to object
You have the right to object on grounds relating to your particular situation to the processing of personal data concerning you that is based on Art. 6(1)(e) or (f) of the GDPR, including profiling based on those provisions pursuant to Art. 21(1) of the GDPR.
- (c) Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority pursuant to Art. 57(1)(f) of the GDPR.
Changes to this Policy
The Company may change or modify this Policy from time to time and will post the updated Policy with a “Last Updated” effective date of the revisions. The Company recommends that you review this Policy periodically. If the Company makes a material change to this Policy, the Company may choose to post a separate notice on the Company’s website indicating that the policy has been updated.
Contact the Company
If you have any questions about this Policy, your rights under this Policy, or any other issue regarding the protection of your personal data, you may contact the Company by postal mail (141-6025, 2-1-1 Osaki, Shinagawa-ku, Tokyo), or through the inquiry form below.