Privacy Policy Concerning GDPR
This Privacy Policy applies only to the processing of personal data covered by the EU’s General Data Protection Regulation (2016/ 679) (hereinafter referred to as “GDPR”).
- Purpose of this Privacy Policy
The purpose of this Privacy Policy is to explain how NEXT-SYSTEM Co., Ltd. (hereinafter referred to as “our”, “us” and “we”), as a data controller, processes (collects, uses, stores, discloses through transmission etc.) personal data of identified or identifiable natural persons within the European Union (such natural persons are hereinafter referred to as “Customers” and such personal data is hereinafter referred to as “personal data”).
We respect the right to privacy of individuals and comply with GDPR and other laws and regulations related to data protection and privacy.
- Contact
For any comment or question regarding this Privacy Policy, or to request disclosure, correction, addition, update, or deletion of personal information, please contact us via the Contact Us page of this Site.
- Legal Grounds for Lawful Processing of Personal Data
We shall make use of personal data only as permitted by the relevant laws or regulations, in particular the GDPR.
Any processing of personal data by us will be based on at least one legal ground.
In the following, we summarize (a) the purposes for which we are using personal data, (b) the types of personal data, and (c) the legal grounds for processing personal data:
a.Purposes b.Types of Personal Data c.Legal Grounds 1.Related to the supply of goods or services, including - ordering (or receiving)
- delivery (or receipt)
- payment of expenses
- management of receivables and payables
- Name, Company Name
- Country, Address
- Email address
- Phone number
Performance of contract 2.Event notices, introduction of new products and services (newsletters) - Name, Company name
- Address
- Email address
Consent by Customers 3.Responses to inquiries and questions - Name, Company name
- Address
- Email address
Performance of contract, legitimate interest
- Sources of Personal Data
We obtain personal data directly from Customers or indirectly through third parties, such as the following:
- providers of sales agency services (Location: Germany)
- Provision of Personal Data to Third Parties
In accordance with the GDPR, we shall share personal data with third parties operating the following types of businesses for the purposes set forth in this Privacy Policy:
- cloud services for managing and storing information of Customers
In addition, the disclosure set forth above includes the transfer of personal data to countries outside the EU and EEA, such as Japan. Japan has obtained a certificate of sufficiency for GDPR. We have taken appropriate protective measures through standard contractual clauses adopted by the Council of the European Union for transfers to countries other than Japan that are outside the EU and EEA.
- Retention Period for Personal Data
We shall retain personal data only for as long as is necessary to achieve the purposes for which the personal data is processed. The specific retention period will be determined in consideration of the purposes for which the personal data is obtained and processed, the nature of the personal data, and the legal or business necessity for retaining the personal data.
- Legal Rights of Customers
Customers have the following rights with respect to personal data, provided that applicable requirements are met:
- Request for access to personal data: Customers may receive a copy of the personal data we hold about Customers and check the status of the legal processing of personal data.
- Request for correction of personal data: If the relevant personal data is incomplete or inaccurate, Customers may amend such personal data. However, we may require Customers to substantiate the accuracy of any new personal data that is corrected.
- Request for deletion of personal data: If we have no legitimate reason to continue processing personal data, Customers may request that we delete the relevant personal data. However, there may be cases in which we are unable to comply with requests for certain legal requirements.
- Complaints about inappropriate processing of personal data: Customers may object to the processing of the relevant personal data.
- Request for restrictions on the processing of personal data: Customers may request that we cease to process personal data.
- Request for portability of personal data: Customers may request to receive personal data in a structured, commonly accepted and machine-readable format, or to have it transferred to another controller without restriction from us.
- Withdrawal of consent to the processing of personal data: The withdrawal of consent does not affect the legality of any processes that were undertaken prior to the withdrawal. In addition, we may not be able to provide certain products or services to Customers should Customers withdraw the consent. In such a case, we shall inform Customers at the time of withdrawal.
Customers may file an objection with the data protection regulatory authority of the member state of residence. However, we would be more than willing to first address any questions Customers may have to us before contacting the relevant authority.
- Updates to this Privacy Policy
This Privacy Policy shall be updated as necessary. The latest version is available on our website.
Enacted on October 21, 2021
[ Privacy Policy ]