KOIKE-YA GDPR Privacy Policy
KOIKE-YA Inc. and its group companies (hereinafter collectively referred to as "KOIKE-YA Group") provides information on the processing of personal data in the context of activities of its representative office and subsidiaries in European Economic Area in connection with its relationship with existing and potential customers, existing and potential employees, any third party related to such customers or employee and other persons with whom KOIKE-YA Group maintains or is considering to create a relationship pursuant to the European General Data Protection Regulation (GDPR).
KOIKE-YA Group will handle the said personal data in accordance with the "KOIKE-YA Privacy Policy" and the "KOIKE-YA GDPR Privacy Policy". KOIKE-YA Group will also comply with the GDPR even if it is not provided in the "KOIKE-YA Privacy Policy" or the "KOIKE-YA GDPR Privacy Policy".
In the event that any provisions of this KOIKE-YA GDPR Privacy Policy contradict those of KOIKE-YA Privacy Policy, the provisions of this GDPR Privacy Policy shall prevail.
Definition.
Terms used in this KOIKE-YA GDPR Privacy Policy are defined as follows.
| Applicable privacy legislation |
General Data Protection Regulations (EU General Data Protection Regulation, GDPR); the UK Data Protection Act 2018; Japanese Act on the Protection of Personal Data. |
| GDPR |
General Data Protection Regulations (EU General Data Protection Regulation) |
| EU |
Means the European Union, including the Member States of the European Union and, under the European Economic Area (EEA) Agreement, Iceland, Liechtenstein and Norway. |
| controller |
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. |
| personal data |
Any information relating to an identified or identifiable natural person; an identified or identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
| data subject |
An identified or identifiable natural person Provided above. |
| processor |
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. |
| Acquirer |
A natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing. |
| third party |
Natural or legal persons, public authorities, departments or other organisations other than the data subject, controller, processor and persons authorised to handle personal data under the direct authorisation of the controller or processor. |
Name and address of the controller
Overseas Business Dept.
KOIKE-YA Inc.
5-9-7 Narimasu, Itabashi-ku, Tokyo 175-0094, Japan
Email: info.eu@koike-ya.com
Name and address of the principal supervisory body
If the data subject believe KOIKE-YA Group are processing your personal data not in accordance with applicable laws, you can complain to the Belgian Data Protection Authority
https://www.privacycommission.be/professionnel
The data subject has the right to lodge a complaint with the supervisory authority mentioned above at any time. However, KOIKE-YA Group would ask that the data subject contact the administrator mentioned in 2 above in advance to give us the opportunity to deal with the complaint before contacting the supervisory authority.
Cookies
Our internet pages use cookies. Cookies are text files that are stored on your computer system via your internet browser. Many internet sites and servers use cookies. A cookie consists of a string of characters that allows internet pages and servers to be assigned to the particular internet browser in which it is stored. This enables the viewed internet site or server to identify the individual browser of the data subject from other internet browsers containing other cookies. The one and only cookie ID can be used to recognise and identify a specific internet browser. By using cookies, KOIKE-YA Group are able to provide the users of this website with user-friendly services that would not be possible without the cookie setting.
By using cookies, the information and advertising on our website can be optimised with the user in mind. The purpose of this is to make it easier for users to use our websites. For example, website users who use cookies do not have to enter access data each time they visit the website. This is because cookies are stored on the user's computer system via the website. At any time, the data subject can prevent the setting of cookies through our website by means of the corresponding settings of the internet browser used, and can permanently negate the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via the internet browser or another software programme. This is possible with all common internet browsers. If the data subject deactivates the cookie settings of the internet browser used, not all functions of our website may be fully available.
Purposes of processing personal data.
KOIKE-YA Group process personal data only for the following purposes
- When required for authentication to use KOIKE-YA Group 's website;
- When required to register for e-mail newsletter distribution services;
- When required to apply for gifts, campaigns, etc., and to send prizes to winners;
- When required for the purchase of products on the mail-order websites;
- When required for product development and other service improvements and enhancements;
- When required for inquiries to KOIKE-YA Group;
- When required for the delivery of behaviorally targeted advertisements (To deliver advertisements that are linked to the content viewed by the customer based on the customer's browsing history, usage history, etc., of the website operated by KOIKE-YA Group) using an ad-serving company;
- When required to analyze attribute information, behavioral history, etc. obtained by KOIKE-YA Group in order to understand the interests, preferences, etc. of customers;
- When required for the use of KOIKE-YA Group 's website services;
- When required for business-related communications, contract execution, business negotiations, etc.;
- When required to exercise rights or fulfill obligations under corporate law;
- When required to contact and provide information to applicants for employment or recruiting activities, or for other recruitment or recruiting activities
- When required for business communication, payment of compensation (wages, bonuses, benefits, etc.), performance of personnel and labor management, provision of benefits, and health management for employees
Legal basis for processing personal data.
The legal basis for processing is as follows.
- where the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
*If the processing is based on the consent of the data subject under (i) above, the data subject concerned has the right to withdraw this consent.
- Where the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Where the processing is necessary for compliance with a legal obligation to which the controller is subject.
- Where the processing is necessary in order to protect the vital interests of the data subject or of another natural person.
- where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of officialauthority vested in the controller.
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
*(vi)Where legitimate interests are the lawful basis for processing include the following cases.
Marketing to customers (direct marketing).
Customer service to customers.
applying for employment with the Company.
The rights of the data subject
Under applicable privacy legislation, including the GDPR, data subjects have the following rights. To assert these rights, the data subject may contact our appointed the administrator at any time.
- Right to information.
When collecting personal data from a data subject, the controller must provide certain information to the data subject at the time of obtaining the personal data.
- Right to Access.
The controller must provide a copy of the data subject's request for access to the personal data being processed.
- Right to rectification.
The data subject can ask the controller to rectification inaccurate personal data.
- Right to erasure.
In certain cases, the data subject has the right to obtain the deletion of personal data concerning him or her from the controller without delay.
- Right to restriction of processing.
The data subject has the right to have the controller restrict the processing in certain cases.
- Right to notice of rectification, erasure or restriction of processing of personal data.
In cases (iii) to (v) above, the controller will inform the acquirer about this process and, if requested by the data subject, inform the acquirer about the data controller.
- Right to data portability.
A data subject has the right to receive personal data concerning him or her in a structured, commonly used and machine-readable form. They also have the right to have such data transferred to another controller without interference from the controller to whom the personal data were provided.
- Right to object.
The data subject has the right to object to processing of his or her personal data on the basis of necessity of the processing for purposes of legitimate interests pursued by the controller or a third party.
- The right not to be subjected to automated processes, including profiling.
A data subject has the right not to be subjected to a decision based solely on automated processing, such as profiling, which has legal effects concerning him or her or which has similar material effects on the data subject concerned.
Security control measures.
As a controller, KOIKE-YA Group have implemented adequate technical and organisational safeguards with regard to the protection of personal data. Where a data subject has concerns, e.g. with regard to a particular data transfer method, KOIKE-YA Group will take adequate alternative measures.
Cross-border data transfers
KOIKE-YA Group may transfer the personal data of data subjects from our establishments (branches) in countries and territories within the EU to our sales offices in Japan or to overseas offices of the Group. The personal data of data subjects transferred includes the personal data of customers and the personal data of employees of establishments in the EU.
The transfer of personal data to Japan is based on the sufficiency certification for cross-border data transfers obtained by the Japanese State.
The transfer of personal data to third countries outside Japan and the EU (excluding countries and territories that have obtained sufficiency certification) is by way of the conclusion of Standard Contractual Clauses (Standard Contractual Clauses).
For more information on the content of the Japanese sufficiency finding, please visit the European Commission's website at https://ec.europa.eu/info/law/law-topic/data-protection_en.
Period of storage of personal data
Personal data is stored for the legal retention period in each EU Member State and Japan, and personal data is securely deleted as soon as possible after the end of the legal retention period, unless it is necessary in relation to the purpose of the contract or other processing.
Notification to the principal supervisory body
KOIKE-YA Group may notify the principal supervisory body when required under the applicable privacy legislation.
General provisions.
This KOIKE-YA GDPR Privacy Policy was last revised on 01.01.2023. KOIKE-YA Group may change this KOIKE-YA GDPR Privacy Policy from time to time in accordance with the law or in accordance with our policy. However, KOIKE-YA Group will not use the personal data of data subjects in new ways without their consent.
