GDPR Privacy Policy
Our company handles Personal Data in accordance with the EU General Data Protection Regulation (GDPR) and has established the following rules for handling Personal Data. Although our company is headquartered in Japan and therefore acts as a Controller is located outside the EU and the European Economic Area (EEA), Japan has received an adequacy decision from the European Commission, and our company may lawfully process Personal Data under that adequacy decision.
Asprova Corporation
Representative Director: Tomohiro Tanaka
1 Purpose
(1) This Privacy Policy sets out our policy and principles regarding when our company processes Personal Data relating to identified or identifiable natural persons in the European Economic Area (EEA) (hereinafter referred to as “the Data Subject”).
(2) Our company will comply with the GDPR, applicable laws and regulations on Personal Data protection, and this Privacy Policy. Personal Data covered by this Privacy Policy is limited to Personal Data in the European Economic Area.
2 Definitions
The terms used in this Privacy Policy are defined as follows.
| Term | Definition |
|---|---|
| Personal Data | Information relating to a natural person who is identified or identifiable, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier. ※ “Online identifier” refers to characters or symbols used to identify communications, such as IP addresses or cookies. |
| Processing | Any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, or any form of disclosure or other use. |
| Controller | A legal person (corporation) that has the authority to collect and handle Personal Data, determines the purposes of collection, determines how the data will be processed, and is responsible for managing the handling to ensure its secure Processing. In this Privacy Policy, “Controller” refers to our company. |
| Consent | A freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to Processing of Personal Data relating to them for one or more specific purposes. |
3 Name and Address of Controller
Name: Asprova Corporation
Address: 7-9-2 Nishigotanda Shinagawa-ku, Tokyo | Japan
Telephone: +81-3-6303-9933
E-mail: worldsupport@asprova.com
4 Name and contact details of the Data Protection Officer (DPO)
Name: Christian Claus
Address: Charlotte-Bamberg-Straße 4 35578 Wetzlar Germany
Telephone: +49 6441 447 62 51
E-mail: datenschutz@asprova.eu
5 Name and contact details of the Lead Supervisory Authority
Name: Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Address: Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany
Telephone: +49 611 1408-0
E-mail: poststelle@datenschutz.hessen.de
6 Personal Data Collected and Processed by Our Company
Our company may collect and process Personal Data falling into the following categories for the purposes and on the legal bases described below.
| Categories of Personal Data | Purpose(s) of Processing | Legal basis |
|---|---|---|
| Name | Article 8(1) | Legitimate interests (to identify legitimate users; to provide information about new features and to offer support; to maintain and improve service quality by responding quickly to issues), Consent |
| Company name | Article 8(1) | Legitimate interests (to identify legitimate users; to provide information about new features and to offer support; to maintain and improve service quality by responding promptly to issues), Consent |
| Email address (including corporate email address) | Article 8(1)(2) | Legitimate interests (to identify legitimate users; to provide information about new features and to offer support; to maintain and improve service quality by responding promptly to issues), Consent |
| Telephone number (including corporate telephone number) | Article 8(1)(2) | Legitimate interests (to identify legitimate users; to provide information about new features and to offer support; to maintain and improve service quality by responding promptly to issues), Consent |
| Address (including corporate address) | Article 8(1)(2) | Legitimate interests (to identify legitimate users; to provide information about new features and to offer support; to maintain and improve service quality by responding promptly to issues), Consent |
| Position | Article 8(1) | Consent |
| Software usage history in relation to our services | Article 8(3) | Consent |
| Content of inquiries or consultations | Article 8(1)(3)(4) | Legitimate interests (for provision of our services; improvement of our services; and detection of fraudulent activity), Consent |
| IP address | Article 8(4) | Consent |
7 Methods of Collecting Personal Data
Our company collects Personal Data by the following methods.
①Direct collection
Our company collects Personal Data directly from the Data Subject via designated forms, postal mail, e-mail, or other means in the following situations:
- Registering via the registration form on our website to use our services
- Logging in or performing operations on the software, when using our services
- Requesting information about products or services handled by our company
- Receiving a business card
- Contacting our company
②Indirect collection
Our company collects Personal Data provided by partner companies and by our German subsidiary.
8 Purposes of Processing Personal Data
Our company processes Personal Data for the following purposes:
- To provide support for continued use of our services
- To provide updates about our services and to inform the Data Subject of seminars or events
- To improve functionality, including development of new features, and to fix defects
- To maintain the security of our services and prevent fraudulent activities; and to maintain service quality and provide users with a stable connection environment
9 Rights of the Data Subject
The Data Subject who provides Personal Data to Controller have the following rights:
①Right of access
The Data Subject has the right to access Personal Data concerning them that our company processes and the information set out in the GDPR.
②Right to rectification
The Data Subject has the right to request that our company correct inaccurate Personal Data concerning them.
③Right to erasure (right to be forgotten)
Where one of the grounds set out in the GDPR applies, the Data Subject has the right to request that our company erase Personal Data concerning them without undue delay.
④Right to restriction of Processing
Where one of the grounds set out in the GDPR applies, the Data Subject has the right to request that our company restrict Processing of their Personal Data.
⑤Right to data portability
Where one of the grounds set out in the GDPR applies, the Data Subject has the right to request to receive Personal Data concerning them in a structured, commonly used, and machine-readable format and may request that our company transmit those data to another Controller without hindrance from our company.
⑥Right to object
The Data Subject has the right to object to Processing of their Personal Data where Processing is based on the necessity for the purposes of the legitimate interests pursued by our company or by a third party.
⑦Right not to be subject to automated individual decision‑making, including profiling
The Data Subject has the right not to be subject to a decision based solely on automated Processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. Our company does not carry out automated decision‑making, including profiling, with respect to the Data Subject’s Personal Data.
The Data Subject may contact the Data Protection Officer (DPO) specified in Article 4 at any time to exercise the rights described above.
The Data Subject also has the right to lodge a complaint with a supervisory authority at any time. Before contacting a supervisory authority, our company would appreciate the opportunity to address the matter; please therefore contact us or the DPO specified in Article 4 first.
10 Withdrawal of Consent
Even where the Data Subject has freely given Consent and provided Personal Data, the Data Subject may withdraw Consent at any time, freely and without giving any reason, and may require that further Processing based on that Consent cease. Withdrawal of Consent will not affect the lawfulness of Processing carried out prior to withdrawal.
11 Necessity of Providing Personal Data
Personal Data provided by the Data Subject is necessary for entering into a contract with our company or for our provision of services. If Personal Data is not provided, it may not be possible to use our services.
12 Data Security
Our company has implemented appropriate technical and organizational security measures for the protection of Personal Data. Access to Personal Data is granted only to the minimum number of persons necessary.
13 Provision and Transfer of Personal Data
(1) Joint use
Our company may share and jointly process Personal Data for the purposes set out in this Privacy Policy with the following parties. For the privacy policy of joint users, please click here:
Name: Asprova GmbH
Address: Charlotte-Bamberg-Strasse 4 35578 Wetzlar, Germany
(2) Entrustment to processors
When Processing Personal Data our company collects, we may engage the following processors to carry out part of the Processing. We will appropriately direct and supervise such processors.
IT service providers
14 The period for which Personal Data will be stored
(1) Our company will store Personal Data only for as long as it is reasonably necessary to achieve the purposes for which the data were collected. (2) If the Data Subject exercises the rights set out in Article 9, the storage period may be shortened notwithstanding the preceding paragraph. (3) Notwithstanding paragraph (1), where we determine that it is necessary to store Personal Data — for example, if a complaint is filed by the Data Subject or if we judge there is a possibility of litigation— we may store the relevant data for a longer period.
15 Updates
This Privacy Policy will be updated from time to time; the latest version will be posted on our website.