The Ibaraki Small and Medium Enterprise & Global Business Support Organization and its affiliated companies (collectively, the “Organization”) handle the confidentiality of information entrusted to us with the utmost care. We recognize that personal data is not only important to the individual concerned but is also critical to the Organization.
Accordingly, to protect the personal data we handle in the course of our operations, we have established and comply with a management system aligned with both Japanese data protection regulations and the EU General Data Protection Regulation (“GDPR”). Through these efforts, we aim to conduct highly transparent activities that earn the trust of all individuals who provide personal data to us.
The Organization handles personal data in accordance with this GDPR Privacy Policy.
Ibaraki Small and Medium Enterprise & Global Business Support Organization
President: Yasuyoshi Iwashita
GDPR Privacy Policy
When the Organization and its affiliates process the personal data of individuals located in the European Economic Area (“EEA”)—including collection, processing, and transfer—and the Organization determines the purposes of such processing, the Organization acts as a “Controller” as defined under the General Data Protection Regulation (“GDPR”).
In processing personal data, the Organization complies with its obligations as a Controller under the GDPR, as well as Japan’s Act on the Protection of Personal Information, related guidelines, and other applicable laws and regulations concerning the protection of personal data. We will handle personal data appropriately and rigorously as set out below.
1. Personal Data We Collect and Handle
The Organization handles the following categories of personal data:
- Personal data relating to customers and suppliers:
- name, organization/affiliation, and contact details such as telephone number and email address
- Other individuals:
- name, organization/affiliation, and contact details
2. How We Process the Personal Data Collected
(1) We process personal data only within the scope necessary for the following purposes related to our activities.
- Customers and suppliers’ personal data
Processing based on our legitimate interests to promote and improve our products and services, including:- for marketing
Processing based on our legitimate interests to build relationships with, and perform contracts with, customers and suppliers (provided that, where the customer or supplier is an individual, we process personal data insofar as necessary for the performance of a contract), including: - shipping products and providing after‑sales services
- performing tests/analyses requested by customers or suppliers and reporting the results
- managing credit information relating to customers or suppliers
- exercising rights and performing obligations under laws and contracts with customers or suppliers
- for marketing
- Other individuals
Processing based on our legitimate interests to respond to legal disputes, including:- handling inquiries and complaints
(2) If we engage in processing activities other than those described above (only to the extent permitted by applicable laws), we will notify the data subject accordingly.
(3) Notwithstanding the foregoing, we may process personal data beyond the scope necessary to achieve a specific purpose in the following cases:
- where required by laws and regulations;
- where necessary to protect the life, body, or property of a person and it is difficult to obtain the data subject’s consent;
- where particularly necessary for improving public health or promoting the sound growth of children and it is difficult to obtain the data subject’s consent; or
- where necessary to cooperate with a national or local government agency, or a party entrusted by such agency, in performing affairs prescribed by laws and regulations, and obtaining the data subject’s consent may impede the performance of such affairs.
(4) We retain personal data only for as long as necessary for the purposes described above and, when no longer necessary, we delete or anonymize such data.
- If personal data may be required as evidence for legal claims or litigation, we retain it for the duration of the applicable statutory limitation period.
- In our recruitment activities, we dispose of application documents (such as résumés) of candidates who are not hired. For information about specific retention periods, please contact us at the “Inquiry Desk for Personal Data” listed below.
3. Transfers to Third Parties
We handle personal data within the Organization and may entrust processing to the following types of third parties:
- For all categories of personal data: IT service providers and mailing services
- For customers’ and suppliers’ personal data: logistics companies
Except in the cases described in Section 2.(3) of this GDPR Privacy Policy, we do not provide personal data supplied by customers to third parties without consent.
We do not provide (or transfer) personal data we obtain to third parties, except for joint use of personal data within the Organization’s group and outsourcing of processing in accordance with Japanese law and EU data protection rules.
We share personal data only with countries and organizations that ensure appropriate safeguards under applicable laws.
In particular, for international data transfers, we confirm that such transfers are based on an adequacy decision of the European Commission or on Standard Contractual Clauses (a copy of the Standard Contractual Clauses is available from the Inquiry Desk below).
4. Rights of Data Subjects
Subject to applicable data protection laws, individuals who have provided personal data to us may have the following rights. To exercise your rights, please submit a request to the “Inquiry Desk for Personal Data” below, including information that enables us to identify you and a method for verification. Please note that we may reject requests that are abusive or constitute misuse of rights not relevant to you.
- Right of Access and Data Portability
You have the right to access personal data held by the Organization and, with respect to personal data you have provided, the right to data portability. - Right to Rectification
You have the right to request the rectification of your personal data at any time where the legal requirements are met. - Right to Erasure
You have the right to request the erasure of your personal data at any time where the legal requirements are met. - Rights to Restrict Processing, Object, and Withdraw Consent
- Right to Object: Where the legal requirements are met, you have the right to object to the processing of your personal data based on legitimate interests in certain situations. In particular, you may object at any time to the processing of personal data for direct marketing purposes.
- Restriction: You have the right to request the restriction of certain forms of personal data processing in specific situations.
- Withdrawal of Consent: Where processing is based on consent, you have the right to withdraw such consent at any time.
The Organization will review whether processing should be suspended based on your request.
In addition, individuals who have provided personal data to us have the right to lodge a complaint regarding the handling of their personal data with the data protection authority having jurisdiction over the Organization or their place of residence.
5. Continuous Improvement
To respond to changes in social conditions and advances in information technology, the Organization continuously reviews and improves its personal data protection management system. To ensure the appropriate processing of personal data, we will review this GDPR Privacy Policy as necessary and promptly publish any changes.
6. Contact
For questions or concerns regarding this GDPR Privacy Policy, for reports of suspected non-compliance, or to exercise any of the rights described in Section 4 above, please contact us at the following:
■ Inquiry Desk for Personal Data
Ibaraki-ken Sangyō Kaikan 9F, 2-2-35 Sakuragawa, Mito, Ibaraki 310-0801, Japan
General Affairs & Planning Division, Ibaraki SME & Global Business Support Organization
TEL: +81-29-224-5317
E-mail: info@iis-net.or.jp