1. Purpose of Processing EU and UK Personal Data Acquired from Customers and Other Subjects Concerned
GMO Adam, Inc. (“we”, “our,” or “us”), as a Japanese corporation and the entire corporation processing EU and UK personal data, in accordance with the General Data Protection Regulation (effective on May 25, 2018) prescribed by the European Commission and UK Data Protection Act, we shall process customers’ EU and UK personal data only within the scope necessary for the intended use that is specified and publicized in advance. However, in the case where it is required by laws and regulations, we may process EU and UK personal data of customers and other subjects beyond the scope necessary for achieving the intended use specified and publicized in advance. Moreover, providing EU and UK personal data is indispensable for fulfilling contractual agreement, and therefore if EU and UK personal data cannot be provided at each customer’s own discretion, providing services to such customer may be hindered.
We use personal information to the extent necessary to achieve the following usage purposes for Adam byGMO (the “Service”).
- To provide customers with the Service;
- To market and advertise the Service;
- To send customers newsletters, promotional materials, and information related to the Service, or goods and services of our group corporations or our partner corporations;
- To facilitate the creation of customers’ accounts, to help customers’ manage their accounts, to give customers notice regarding their accounts;
- To confirm, review, and respond to customers’ requests and inquiries regarding us or the Service;
- To develop, improve, and provide the Service by conducting research, analysis and surveys;
- To exercise our rights and fulfill our obligations arising out of or in connection with any contracts between customers and us;
- To comply with the applicable laws and regulations;
- To provide certain services to third parties when processing personal data owned by such parties; and
- To operate, maintain, and manage the Service, and to improve the administration of the Service and quality of experience when customers use the Service.
2. Rights of Customers and Other Subjects Concerned
Each customer or the other subject concerned has the following rights regarding EU and UK personal data about himself or herself.
(1)Right to access to his or her own EU and UK personal data and other information relating to his or her personal data
(2) Right to rectify inaccuracies of his or her EU and UK personal data without undue delay
(3) Right to erase his or her EU and UK personal data without undue delay
(4) Right to restrict processing of his or her EU and UK personal data
(5) Right to receive EU and UK personal data provided by customers or other concerned subjects by himself or herself in a general format that is readable on computers, and right to transfer (i.e. data portability) the EU and UK personal data to other organizations in order for them to manage without hindering transferring process
(6) Right to object to public interest; processing for the interests of us, a third party or both; and processing for direct marketing for EU and UK personal data of customers and other subjects concerned
(7) Right not to be subjected to assessments conducted or decisions made through automatic processing such as profiling that have serious impact including legal effects on individuals
(8) Right to lodge a complaint with a supervisory authority
3. Conditions for Processing of EU and UK Personal data
We may process EU and UK personal data when any one of the following cases is applicable, even if we have not obtained consents from customers and/or others concerned.
(1) When the processing is necessary for the execution of the contract where a customer or other subject concerned himself or herself is the contracting party. Or when the processing is necessary in accordance with request from a customer or other subject concerned at the stage when the contract is not concluded yet.
(2) When the processing is necessary to comply with the legal obligation that we shall abide by; for example, when following information disclosure orders based on laws and regulations from government agencies etc.
(3) When the processing is necessary to protect serious interests of customers, other subjects concerned, or both.
(4) When it is deemed appropriate to investigate, prevent, or take measures against illegal acts or suspicious acts.
(5) When the processing is necessary for legitimate interests pursued by a third party or us to the extent that it is processing does not infringed right, profit, and freedom concerning the privacy of a customer or other subject concerned.
4. Special Types of EU and UK Personal Data
In principle, in order to conduct various procedures concerning the Service providing, we shall obtain prior consent from customers and other subjects concerned. Moreover, we collect, use and transfer special types of EU and UK personal data belonging to customers and other subjects concerned such as health conditions and physical characteristics that are necessary in relation to the scope of the purpose; and their EU and UK personal data shall not be processed except for its purpose.
In order to appropriately manage EU and UK personal data of customers and other subjects concerned and prevent leakage, loss and damage of those EU and UK personal data, including other safety management approaches, we carry out technical, physical, organizational and human related safeguards.
6. International Transfer of EU and UK Personal Data
EU and UK personal data is transferred to us and our outsourcing contractors such as cloud provider and IT service vendor located in Japan; and may be stored in servers located in Japan.
Japan has been recognized and determined as country providing adequate data protection by the European Commission, and we manage EU and UK personal data of customers and other subjects concerned appropriately.
7. Transfer of EU and UK Personal Data
EU and UK personal data belonging to customers and other subjects concerned are transferred to our outsourcing contractors such as cloud provider and IT service vendor to which we have subcontracted our business operation to the extent necessary for service provision.
In addition, we request appropriate processing of the transferred EU and UK personal data to those outsourcing contractors, and manage EU and UK personal data of customers and other subjects concerned appropriately.
8. Archiving, Deletion, Disposal of EU and UK personal data
Except where otherwise specified by laws and regulations, we define the retention period of EU and UK personal data of customers and other subjects concerned within the scope necessary for the purpose of use.
After the defined retention period has expired or the purpose of use has been achieved, we delete EU and UK personal data of customers and other subjects concerned without delay.
9. About Cookies and Other Similar Technologies
A cookie is an information used to transmit information from this site to your browser. When you, as a customer or other visitor, visit this site again, the cookie helps you to use this site more conveniently and is stored in your personal computers/devices.
Furthermore, the stored information does not include information such as your name, your residential address, your phone number and your email address which can be used to identify an individual.
Cookie also does not have negative effects on your computers/devices.
Cookie information that is collected from customers and other visitors will be transmitted to and stored in servers at our web servers and our outsourcing contractors such as cloud provider and IT service vendor.
We also obtain statistical data concerning access information such as the number of accesses and stay period for this site from stored data by using web analytics service and some other services.
It is possible to block cookie, if you, as a customer or other visitor, change the setting of your web-browser. In such cases, you will not have a trouble viewing this site except for some functions. Please make contact with the developer and/or distributor of the web-browser that you are using for its setting procedure.
10. Group-wide Data Protection Officer and Group-wide Representative for EU and UK Personal Data
＜Group-wide Data Protection Officer for EU and UK Personal Data (G-DPO)＞
GMO Internet Group, Inc.,
Cerulean Tower 4-14F, 26-1 Sakuragaokacho, Shibuya-Ku, Tokyo, 150-8512 , Japan. Email address: firstname.lastname@example.org
＜Group-wide Representative for EU Personal Data＞
JANSON BAUGNIET CVBA
E-mail address: email@example.com
＜Group-wide Representative for UK Personal Data＞
60 Gracechurch Street
London EC3V 0HR
DX 700 London City
E-mail address: firstname.lastname@example.org
11. Claims and Inquiries
12. Claims and Inquiries
Requests for disclosure, correction, addition, deletion, suspension of use, suspension of provision of third party, transferring (data portability) shall be dealt with in the following manner. Please be aware that we will not accept requests by email or by any method other than that laid out below.
Please print out our prescribed form and fill in necessary information. After filling in, please enclose the necessary documents, and send them to the following address by certified mail.
GMO Adam, Inc.
SHIBUYA FUKURAS, 1-2-3, Dogenzaka, Shibuya-Ku, Tokyo, 150-0043, Japan
Disclosure and Other Requests Form is below,