The EU General Data Protection Regulation (the “GDPR”) sets forth rules with regard to the processing and transferring of personal data for the purpose of the protection of such data.

1. Privacy protection efforts

JEPLAN, INC. and its subsidiary companies (the “JEPLAN Group”) will confront the issues surrounding privacy with complete sincerity. The JEPLAN Group considers respect for transparency and privacy as a fundamental factor underpinning all long-term relationships. Therefore, in accordance with applicable regulations related to data protection in the EU and its member states, and in particular, with regard to the the General Data Protection Regulation (Regulation (EU) 2016/679; the “GDPR”), the JEPLAN Group will endeavor to process personal data to which these regulations are applicable and protect information provided by all relevant individuals.
This Protection Policy explains about how the JEPLAN Group processes everyone’s personal data as a data administrator.
The JEPLAN Group’s definition of personal data is the same as that given under the GDPR, which is described as follows.
“Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who may be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of such natural person.

2. Responsibility

This Protection Policy is applicable to personal data handled by the JEPLAN Group to which the GDPR is applicable. Please see “9. Inquiry” of this Protection Policy concerning the department responsible for and the data administrator related to the handling of personal data.

3. Type of, the purpose of processing of, and legal basis for processed personal data

(1) Source of acquired personal data
When a user obtains services of the JEPLAN Group, makes inquires thereabout, etc. by way of the relevant websites, the JEPLAN Group directly obtains personal data from such user. Moreover, the JEPLAN Group may obtain personal data from a distributor of the JEPLAN Group, a party to which the JEPLAN Group consigns marketing, or a subsidiary company or associated company set forth in Article 2 (3) (xxi) of the Regulation on Corporate Accounting of Japan.

(2) Type of processed personal data
A. Location and contact information: Name, address, e-mail address, telephone number, facsimile number, customer ID, etc.
B. Contract- or transaction-related information: Content of inquiry, content of contract, regional information, and information about transactions with a distributor
C. Information obtained online: Information automatically obtained via the relevant system, such as cookie information; information obtained online contains IP address, browser type, OS, and reference source URLs, as well as information exchanged with digital media of the JEPLAN Group.

(3) Method of handling personal data
The JEPLAN Group will process personal data based on the legal grounds set forth in the GDPR. The JEPLAN Group will endeavor to maintain accurate and up-to-date information and keep the same only for the required minimum period in relation to the following purposes. A specific data retention period is to be determined giving consideration to the purpose of acquiring and processing.
personal data, the nature of personal data, and the necessity for retaining personal data under law or in the course of operations. If so required, the JEPLAN Group promises to save personal data only to the extent required by law.
A. Cases that require processing for performance of a contract that provides products or services of the JEPLAN Group.

When a user makes inquires, complaints, etc. about provision of the JEPLAN Group’s products or services, performance of a contact with the JEPLAN Group, or the JEPLAN Group websites, in order to appropriately respond to such inquires or opinions regarding specific products or services or so as to provide such products or services, the JEPLAN Group may handle the provided information.

The JEPLAN Group also uses and handles personal data to support services and related transactions. This support contains support for quality assurance, fund procurement, purchasing, delivery, and maintenance.

B. Cases that require processing for the pursuit of legitimate interests
(A) The JEPLAN Group uses personal data for development, improvement, enhancement, and marketing of products and services. This allows the JEPLAN Group’s products and services to improve.
(B) The JEPLAN Group uses personal data so as to maintain the safe and secure utilization of the JEPLAN Group’s products and services, such as for prevention of and responses to fraudulent accounts and fraudulent acts.
(C) The JEPLAN Group uses personal data in order to investigate or respond to allegations and disputes related to the use of its products and services as well as to satisfy requirements under applicable laws, regulations, operating licenses or related contracts, and insurance policies.
(D) The JEPLAN Group uses personal data for provision of opportunities for scientific research and education.

C. Cases in which customers give prior express consent
The JEPLAN Group may handle the personal data of applicants for recruitment activities. In such case, when the applicants have submitted detailed personal data, the JEPLAN Group separately provides them with “Announcements” for privacy protection.

D. Cases that require processing of personal data so as to comply with legal obligations to which the JEPLAN Group is subject
The JEPLAN Group uses personal data to comply with legal procedures implemented by law enforcement agencies and demands from relevant governments.

The JEPLAN Group may request that users consent to treatment of their personal data. Even if users have already consented thereto, they may withdraw such consent at any time using the contact information described in “9. Inquiry”; provided, however, that even if such consent has been withdrawn, the legality of processing based on consent granted prior to withdrawal would not be affected by such withdrawal.

The JEPLAN Group does not make decisions based on automated data processing alone that would give rise to legal effect or have equally serious influence.

The JEPLAN Group may make use of personal data to comply with laws or regulations, or for performance of a contract. In such case, unless the JEPLAN Group is able to obtain personal data from users, it may not be possible to fulfil obligations to the users under a contract. In addition, if provision of personal data is essential as per laws, regulations, and/or a contract or constitutes a requirement necessary for execution of a contract, the JEPLAN Group will separately notify users of whether or not they are obligated to supply their personal data as personal data subjects, as well as of the consequences of failure to provide the relevant personal data. Treatment of personal data may be deemed to be necessary for public or important benefits in accordance with the GDPR.

4. Sharing of personal data

The JEPLAN Group may share personal data with the following companies and groups.
(1) A distributor, a business partner, and an entrusting party that supplies and has a relationship with the JEPLAN Group’s products and services
(2) An auditor, administrative supervising organization, etc. in cases in which legal requirements are necessary for protection of the rights and assets of the JEPLAN Group

5. User rights and choices

Users have certain rights related to personal data held by the JEPLAN Group. The JEPLAN Group sets forth choices below that users are able to make concerning personal data obtained from them, the method of handling thereof, and the method of communicating with them related to the same.

(1) Users may request that the JEPLAN Group disclose personal data handled by the JEPLAN Group. That is, the JEPLAN Group represents that users are able to confirm whether or not the JEPLAN Group has users’ personal data, request for disclose personal data managed by the JEPLAN Group, receive all relevant information necessary relating to data processing undertaken by the JEPLAN Group, such as information on holding of personal data, and receive duplicate copies of personal data held by the JEPLAN Group.
(2) Users may modify, update, and delete personal data.
(3) If certain requirements are satisfied, users may raise objections to the handling of personal data for the purpose of investigation, including marketing.
(4) Users may withdraw their consent by contacting the e-mail address set forth in “9. Inquiry.” Users may request that the JEPLAN Group restrict treatment of personal data by applying for suspension of treatment of their own personal data.
(5) If certain requirements are satisfied, users may repossess personal data or may transfer the same to another administrator (i.e., data portability). If certain legal requirements are satisfied, users may receive their personal data in a generally available and readable form. If technologically possible, users may transfer their personal data to another administrator.

The JEPLAN Group undertakes appropriate measures so as to comply with laws and regulations of each country in which cookies are distributed. If a user resides in a country to which such laws and regulations are applicable, such user may apply for suspension of treatment of specific personal data automatically obtained when such user visits JEPLAN Group websites. Users may receive notification to the effect that they may disable their method of notification and specific types of cookies depending on the browser(s) used thereby; provided, however, that if cookies are disabled, relevant users may not be able to use JEPLAN Group websites or online services in whole or in part.

“Cookies” are small text files that are transmitted to users’ devices via a website for the purpose of recording. Although cookies normally identify users’ devices and web browsers, it is impossible for cookies alone to identify users as individuals.
Cookies are required for users to smoothly use websites, and they record preferences (e.g., used language) and behaviors on such websites (e.g., login status and items placed in a cart). Cookies also make it possible to improve certain functions, to collect analytical data for improvement of performance, and to display advertisements personalized for the websites in question or advertising technology partners by tracking users over the Internet.
Users are able to accept or reject cookies that are not strictly required for website functions relating to the websites in question or a third party relating to the websites in question(i.e., an advertising technology partner) through using cookie banners displayed on individual websites or settings (within the scope legally necessary).
Please see the separately regulated Cookie Policy for further explanations related to the handling of cookie-related information.

When exercising rights, please use the contact information set forth in “9. Inquiry.“ Users have the right to assert complaints related to handling of personal data in supervising organizations of EU/EEA member states that they reside in, work in, or contact concerning data breaches.

6. Extraterritorial transfer

The JEPLAN Group may transfer personal data to other countries and to international institutions, including those outside the EU and EEA areas. In a country to which personal data has been transferred, there may not exist laws related to personal data protection equivalent to those of the country from which such personal data was initially provided. When the JEPLAN Group transfers personal data to another country, the JEPLAN Group undertakes appropriate protective measures by executing a Standard Contractual Clause (SCC) approved by the recipient of personal data and the European Commission, and it protests personal data in accordance with applicable laws relating to protection of personal data. When you request a copy of the document related to protective measures, please use the contact information set forth in “9. Inquiry.”

7. Revision of “Announcements”

This Personal Data Protection Policy may be updated without any advance notice in order to adjust to fluctuations of customary practices and conventions regarding personal data. By posting easily understandable “Announcements” on the related websites, the JEPLAN Group notifies users of important changes related to such “Announcements” and places the update date on the upper part of the relevant page. Giving consideration to the impact on users’ personal data, the JEPLAN Group may request that users consent to any updating of “Announcements.”

8. Special matters related to the use of a whistleblowing system

In order to directly or indirectly protect identifiable persons via personal data (“data subject(s)”), if internally reported information is leaked, anonymity may become impossible, and a profile of the data subject may be disclosed to the responsible department at the JEPLAN Group.
If a data subject has contacted a data processor for inquiries about personal data, anonymity may become impossible in relation to appropriate responses and protection of the data subject, and a profile of the data subject may be disclosed to the department responsible at the JEPLAN Group.

9. Inquiry

Please use the following contact information for questions, opinions, complaints, etc. related to the Personal Data Protection Policy (GDPR).

E-mail address for inquiries:
privacy@jeplan.co.jp

* Please note that the JEPLAN Group does not allow direct office visits.