GDPR Privacy Policy

1. Our Privacy Statement

Nissha Co., Ltd. (hereinafter “the Company” or “we”) and the Company’s affiliates (hereinafter “the Company Group”) process the personal data of customers to whom the below mentioned regulations apply (referred to as a “Customer” or “you” throughout this privacy policy) in accordance with the applicable regulations of the EU, member countries of the European Economic Area (“EEA”), and the UK relating to data protection, in particular the General Data Protection Regulation 2016/679 (the GDPR) and the GDPR as it is incorporated into the UK law by the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications(Amendments etc.) (EU Exit) Regulations 2019 (the UK GDPR) (hereinafter the GDPR and the UK GDPR shall collectively be referred to as the “GDPR”). This privacy policy explains how we, as the data controller, process your personal data and your rights in relation to our processing.

2. Company and Company Group Process Customers' Personal Data
based on the Following Legal Basis.

  1. Customer consent (Article 6, Paragraph 1 (a) of the GDPR)
  2. Where it is necessary for the performance of a contract or to take measures to conclude a contract (Article 6, Paragraph 1 (b) of the GDPR)
  3. Where it is necessary to process it in order to comply with a legal obligation (Article 6, Paragraph 1 (c) of the GDPR)
  4. Where it is necessary to protect the vital interests of the customer or a third party, such as in the event of a medical emergency (Article 6, Paragraph 1 (d) of the GDPR)
  5. If the processing of personal data is necessary for the legitimate interests of our group or a third party, and your interests and fundamental rights do not override the above interests (Article 6, Paragraph 1 (f) of the GDPR)

3. Purpose of the Processing, Categories of Personal Data,
Legal Basis for Processing, Data Recipients, etc.

We process your personal data as below.
Purpose of the processing Categories of personal data Legal basis for Processing Data recipients Data transfer outside EU/EEA
Delivery, management, and payment of products, etc. Your name, company name, department name, title, email address, phone number, address Legitimate interest of us to deliver products, settle payments and handle related matters Company and Company group Yes
(see 6. below)
Responding to various opinions, requests, and inquiries from customers Your name, company name, department name, title, email address, phone number, address Legitimate interest of us to respond questions and maintain customer relationship Cloud service provider, system development and maintenance service provider
Analyzing the attributes of customers Online identifiers and device information (Cookies, IP addresses and other online identifiers, operating system and web browser information, and other information obtained from your device)
Attribute information (age, gender, interest category, etc.)
Consent Website access analysis service providers
Performance analysis of SNS accounts Number of visits to SNS accounts, number of views, number of likes, etc. Legitimate interest of us to improve service quality of SNS accounts Cloud service provider
Sales and marketing Your name, company name, department name, title, email address, phone number, address Consent Website
Compliance with legal obligations related to Services Service information

Online identifiers and device information strictly necessary for the maintenance of our website
Compliance with legal obligations and Legitimate interest of us Government authorities and other parties to whom information is provided when required to provide information for compliance with laws and regulations

Lawyers supporting compliance with laws and regulations
For the details of balancing test on legitimate interest, please contact us at the contact details set out in 10. Contact Details below.

4. Sources of Personal Data

We obtain your personal data directly from you or indirectly through third parties.

5. Retention Period for Personal Data

We retain your personal data for as long as necessary to fulfill the aforementioned purposes for processing your personal data. For details, please see below.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

6. Sharing of Personal Data

We may share your personal data with data recipients described in 3 above for purposes of the processing described in 3 above.

7. Transfer of Personal Data to foreign countries

We may transfer your personal data to the following foreign countries:
Company and Company Group

For transfer to Japan, we may transfer your personal data based on adequacy decision (see here for more information).
For transfer from EEA to the UK, we may transfer your personal data based on adequacy decision (see here for more information). Data transfer from the United Kingdom to EEA is permitted (see here for more information).

For transfer to other countries, we implement appropriate safeguards by executing with the transferee the standard data protection clauses (Article 46 (2) (c) of the GDPR) approved by the European Commission. If you wish to receive a copy of documentation related to these safeguards, please inquire using the contact details at the end of this privacy policy.

8. Your Rights

The GDPR gives you certain rights regarding your personal data. You may ask us to take the following actions regarding your personal data obtained and processed by us as long as you meet requirements under the GDPR:

  • Access to your personal data
    You have the right to obtain from us confirmation as to whether personal data concerning you are being processed, and, if so, the right to access the personal data and certain related information.
  • Rectification of your personal data
    You have the right to have us correct inaccurate personal data concerning you without undue delay and the right to have us complete any incomplete personal data.
  • Deletion of your personal data
    You have the right to have us delete personal data concerning you without undue delay.
  • Restriction on processing of your personal data
    You have the right to have us restrict processing of personal data concerning you.
  • Objection to processing of your personal data
    You have the right to object to our reliance on our legitimate interests as the legal basis of our processing of personal data concerning you that impacts you rights as well as the right to object to direct marketing.
  • Withdrawal of your consent
    You have the right to withdraw your consent at any time. This right only exists where we are relying on consent to process your personal data. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
  • Data portability
    You have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format and the right to transfer those data to another controller without hindrance from us.
  • Not to be subject to automated decision-making
    If certain conditions are satisfied, you have the right not to be subject to solely data-based, automated decision-making (including profiling) that produces any legal or similar material effect on you.

These rights may be limited where they would infringe the rights of a third party (including our rights), for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in the GDPR and in local data protection laws. We will inform you of relevant exemptions we rely upon when responding to any request you make.

If you intend to exercise any of the aforementioned rights, please contact us using the contact details at the end of this privacy policy. If you object to direct marketing, you can opt-out of communications conducted using electronic messages by following the instructions within that electronic message. We may need to request specific information from you to help us confirm your identity. We may also contact you to ask you for further information in relation to your request to speed up our response.

You can also lodge a complaint in relation to our processing of your personal data directly to the relevant Supervisory Authority here if you are in the EEA or to the Information Commissioner's Office if you are in the UK.

9. Amendment to this Privacy Policy

We amend this privacy policy from time to time. We will contact you through this website and by e-mail if necessary, when we make any substantive or material amendments.

10. Contact Details

For questions or inquiries regarding this privacy policy, please contact the data controller or representative set out below.

Data Controller
Nissha Co., Ltd.
3 Mibu Hanai-cho, Nakagyo-ku, Kyoto 604-8551, Japan
it-strategy@nissha.com

EU Representative
Nissha Europe GmbH
Frankfurter Straße 63-69, 4. OG., 65760 Eschborn, Germany
admin-neg@nissha.com

Page top