HOME > PRIVACY POLICY for GDPR

PRIVACY POLICY for GDPR



1. Our Privacy Statement

We, PIOLAX, Inc. (“we”), consider the protection of your personal data is of great importance.
We process the personal data of customers or any other individuals to whom those regulations apply (“you”) in accordance with the applicable EU and its Member States' regulations on data protection, in particular the General Data Protection Regulation 2016/679 (the “GDPR”). This privacy policy for GDPR (the “Privacy Policy”), in addition to the “Piolax Privacy Policy (Personal Information Protection Policy)”, explains how we, as the data controller stipulated in the GDPR, process your personal data.



2. Categories of Personal Data / Purposes of Processing and Legal Bases

If we or any third party from which we obtain information have obtained your express consent in advance (Article 6 (1)(a) of the GDPR) to our processing of your personal data, we will obtain and process the personal data you consent for the purposes you consent.
You have the right to withdraw your consent at any time by the method we separately designate at the time we seek your consent. Such withdrawal of your consent will not affect the legality of processing based on your consent before withdrawal thereof.

We obtain and process the following categories of your personal data in case it is necessary to do so in order to perform our contractual obligations to provide products and services to you (Article 6 (1)(b) of the GDPR).

Categories of personal data
  • Name
  • Personal mailing address
  • Title
  • Identification number (Customer number, etc.)
  • Email address (personal / business)
  • Phone number (personal / business)
  • Employer
  • Online identifiers (IP address, cookie identifiers)
  • Username and password
  • Recorded phone calls
  • Employee performance assessment records
  • Recruitment information (resume, certificates, marital status, date of birth, references, etc.)


We, in order to comply with legal obligations we are subject to (Article 6 (1)(c) of the GDPR), obtain and process the following categories of your personal data for the purposes of handling inquiries from you and/or exercise of your rights based on the GDPR or applicable data protection regulation of EU or its Member States.

Categories of personal data
  • Name
  • Personal mailing address
  • Identification number
  • Email address
  • Phone number
  • Recorded phone calls
  • Contents of inquiries and/or exercise of your rights


Further, we obtain and process the following categories of your personal data for the following purposes in order to pursue our legitimate interests (Article 6 (1)(f) of the GDPR) (there will be a case where we process your personal data for purposes other than those for which your personal data were obtained, so long as these purposes are of the same category; for the details regarding the balancing test for legitimate interests, please inquire through the contact details specified in Paragraph 9 of this Privacy Policy).

Purposes
  • Managing Accounts
  • Providing products and services
  • Service change notice
  • Notice of our policy and terms and conditions
  • Improving safety and security by monitoring fraudulent activity or investigating suspicious or potential illegal activity or violations of our policies and terms and conditions.
  • Providing, improving, or creating advertisement regarding products or services
  • Data analysis, research and audit
  • Ensuring business continuity
  • Providing you with information that may be of interest to you
  • Managing your newsletter subscriptions
  • Sharing personal data with business partners (partner companies) to whom we may provide information regarding our products or services
  • Business analysis
  • Necessary data disclosure based on applicable laws or requests from public organization
Categories of personal data
  • Name
  • Personal mailing address
  • Title
  • Identification number (Customer number, etc.)
  • Email address (personal / business)
  • Phone number (personal / business)
  • Employer
  • Online identifiers (IP address, cookie identifiers)
  • Username and password
  • Recorded phone calls
  • Employee performance assessment records
  • Recruitment information (resume, certificates, marital status, date of birth, references, etc.)


We do not conduct any decision-making based solely on automated processing, which produces any legal effects concerning you or similarly significantly affects you.

We will notify you separately, if the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as the possible consequences of failure to provide such data.

We process personal data of special categories, such as religious belief or health conditions, etc., in accordance with the special standards specified in Articles 9 or 10 of the GDPR.



3. Data transfer

We will transfer your personal data to our headquarters in Japan. Japan is the county where the European Commission has decided that the country ensures an adequate level of data protection.



4. Parties from which we obtain information

We obtain your personal data directly from you or indirectly through the following third parties, etc.

  • Our affiliates
  • Our or our affiliates’ employees
  • Our business partners (including our partner companies, customers, suppliers, financial institutions, etc.)
  • Public organizations


5. Retention Period for Personal Data

We will retain your personal data for as long as necessary to fulfill the purposes specified in Paragraph 2 of this Privacy Policy. Specific retention periods are determined taking account of the purpose for obtaining and processing the personal data, the nature of the personal data, and the necessity of retaining the personal data for legal or business reasons.



6. Sharing and Disclosure of Personal Data

We share and disclose your personal data to the following third parties in accordance with the GDPR for the purposes stated in this Privacy Policy.

  • Our affiliates
  • Our employees or our affiliates’ employees who have an authority and necessity to access personal data
  • Service providers such as delivery companies and IT service providers, etc.
  • Our partner companies (business partners whom information regarding our products or services needs be shared with and/or disclosed to)
  • Parties to whom disclosure is made when required based on requests by applicable laws or public organizations

As a result of the aforementioned sharing and disclosure, in some cases your personal data will be transferred to the following third countries outside the EEA as well as Japan:

  • The United States of America, the United Kingdom of Great Britain and Northern Ireland, People’s Republic of China, Republic of Korea, the Kingdom of Thailand, Republic of India, Republic of Indonesia, United Mexican States

In such a case, except for sharing and disclosure within Japan, we will properly execute with the transferee the standard data protection clauses (Article 46 (2) (c) of the GDPR) approved by the European Commission. There may be cases where we do not execute the standard data protection clauses with the transferee when transferring your personal data to the United Kingdom of Great Britain and Northern Ireland or Republic of Korea where the European Commission has decided that the country ensures an adequate level of data protection. Further, there may be cases where transfer will be made based on the derogations for specific situations as set forth in Article 49 (1) of the GDPR. For the information concerning the adequacy decision by the European Commission and the standard data protection clauses or other safeguards, please inquire through the contact details specified in Paragraph 9 of this Privacy Policy.



7. Your Rights

You have the following rights regarding personal data obtained and processed by us. These rights are subject to the satisfaction of the requirements set forth in the applicable provisions of the GDPR, and may be restricted by the data protection regulations of the Member States.

  • Obtaining information regarding processing of data:
    You have the right to obtain from us all the requisite information regarding our data processing activities that concern you (Articles 13 and 14 of the GDPR).
  • Access to personal data:
    You have the right to obtain from us confirmation as to whether personal data concerning you are being processed, and, if so, then access to the personal data and certain related information (Article 15 of the GDPR).
  • Rectification of personal data:
    You have the right to have us rectify inaccurate personal data concerning you without undue delay and the right to have us complete any incomplete personal data (Article 16 of the GDPR).
  • Deletion of personal data:
    You have the right to have us delete personal data concerning you without undue delay (Article 17 of the GDPR).
  • Restriction on processing of personal data:
    In certain cases, you have the right to have us restrict processing of personal data concerning you (Article 18 of the GDPR).
  • Objection to processing of personal data:
    You have the right to object to processing of personal data concerning you (Article 21 of the GDPR).
  • Data portability of personal data:
    You have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format and the right to transfer those data to another controller without hindrance from us (Article 20 of the GDPR).
  • Not to be subject to automated decision-making:
    You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces any legal effects concerning you or similarly significantly affects you (Article 22 of the GDPR).

If you intend to exercise any of the aforementioned rights, please inquire through the contact details specified in Paragraph 9 of this Privacy Policy.

You can lodge a complaint in relation to our processing of your personal data with the Data Protection Supervisory Authority of the Member State of your habitual residence, place of work or place of the alleged infringement.



8. Amendment to this Privacy Policy

We may amend this Privacy Policy from time to time. We will inform you through this website and notify you by e-mail if necessary, where we make any substantive or material amendments.



9. Contact Details

For questions or inquiries regarding this Privacy Policy, please contact the data controller set out below.

Data Controller
PIOLAX, INC.
[Department in charge]
Business Administration Department General and Legal Affairs Group [Address; post code]
7F Yokohama Hanasaki Building, 6-145, Hanasaki-cho, Yokohama, 220-0022, Japan [Email address] piolax_gdpr1933Email addresspiolax.co.jp

We have also appointed a data protection officer. The data protection officer's contact details are as follows

[Email address] piolax_dpo1933Email addresspiolax.co.jp



Established on June 15, 2022
PIOLAX, INC.