1. Privacy Statement

The protection of your personal data is of great importance to tonari K.K. (the “Company”). This global privacy policy (this “Privacy Policy”) therefore intends to inform you about how the Company entities, acting as data controllers, collect and process your personal data that you submit or disclose to us if you are located outside Japan (if you are located inside Japan, the Japanese privacy policy posted on our website is applicable to you). We also act as a data controller when we process your personal data received or obtained through third parties. We process this personal data in accordance with applicable data protection laws, including, but not limited to, EU and Member State regulations on data protection; in particular, General Data Protection Regulation No. 2016/679 (the “GDPR”).

We encourage you to read this Privacy Policy carefully. If you do not wish for your personal data to be used by us as set out in this Privacy Policy, please do not provide us with your personal data. Please note that in such a case, we may not be able to provide you with our services, you may not have access to and/or be able to use some features of our website, and your customer experience may be impacted.

2. How We Use Your Personal Data

We will always process your personal data based on one of the legal bases provided for in applicable data protection laws.

We may collect and process your personal data for the purposes detailed below, which are required so that we can (i) provide you with adequate services and products or use your services based on contracts, (ii) pursue our legitimate interests, or (iii) comply with legal obligations applicable to us:

1. to offer you products and services, including delivery and installation of our products (for (i) and (ii));
2. to allow you to utilize interactive features of our services, when you choose to do so (for (i) and (ii));
3. to notify you about changes to our services (for (i) and (ii));
4. to inform you about the terms and policies of our services and products (for (i) and (ii));
5. for hiring processes (for (i) and (ii));
6. to use your services provided by you (for (i) and (ii)):
7. to ensure that content from our website is presented in the most effective manner for you (for (ii));
8. to improve and develop our products, services, and advertising (for (ii));
9. to conduct data analysis, business analysis, research, and audits (for (ii));
10. to ensure business continuity (for (ii));
11. to promote safety and security, such as by monitoring fraud and investigating suspicious or potentially illegal activity or violations of our terms or policies (for (ii) and (iii)); and
12. for compliance with applicable laws (for (iii)).

If you seek to know the details of our legitimate interests, please contact us using the contact information provided in 12 below.

Also, subject to obtaining your express prior consent, we may also collect and process your personal data for the following purposes:

1. to contact and provide you with information which we feel may be of your interest;
2. to manage your subscriptions to newsletters; and
3. to share your personal data with third-party partners who may send you marketing communications in relation to their products and services.

Please be aware that you are entitled to withdraw your consent at any time by contacting us using the contact information provided in 12 below, without affecting the lawfulness of processing based on your consent before withdrawal thereof.

We will process your personal data for these specified, explicit, and legitimate purposes and will not further process the data in a way that is incompatible with these purposes. If we intend to process personal data originally collected for one purpose in order to attain other objectives or purposes, we will ensure that you are informed of this. We will keep your personal data for as long as it is necessary for us to achieve the purposes specified above.

3. What Types of Personal Data We Use

For the purposes specified under this Privacy Policy, we may collect the following categories of personal data:

• Given name and surname
• Title
• Home address
• Location data
• Email address (personal/professional)
• Telephone number (personal/professional)
• Employer information
• Online identifiers (IP addresses)
• Credit card/bank account information

Recorded customer phone calls

• Recruitment information (e.g., CVs, certificates, marital status, date of birth, reference letters)

We can collect such personal data either directly from you when you decide to communicate such data to us (i.e., when you fill in forms displayed on our website) or indirectly where such personal data is provided to us by your electronic communication terminal equipment or your Internet browser. We ensure that your personal data processed is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. As it is necessary to collect some personal data in order to provide services or goods based on contracts with you or your employer, we might not be able to provide services or goods if you do not provide us with such personal data.

4. How We Share Your Personal Data

We may share your personal data with our subsidiaries or any other affiliates or with the third parties specified below in accordance with applicable law. Where we share your data with a data processor, we will put the appropriate legal framework in place in order to cover such transfers and processing. Furthermore, where the GDPR applies to us and we share your data with any entity outside the EEA, we will put appropriate legal frameworks in place, notably controller-to-controller and controller-to-processor standard contractual clauses approved by the European Commission, in order to cover such transfers.

Strategic Partners

Your personal data may be transferred to, stored, and further processed by strategic partners that work with us to provide our products and services or help us market to customers. Your personal data will only be shared by us with those partners in order to provide or improve our products, services, and advertising.

Service Providers

We may share your personal data with companies or independent contractors which provide services on our behalf, such as software development, product installation, hosting, maintenance, support, email services, marketing, auditing, order fulfillment, payment processing, data analytics, customer service, and customer research and satisfaction.

Corporate Business Transactions

In the event of a merger, reorganization, acquisition, joint venture, assignment, spin-off, transfer, or sale or disposition of all or any portion of our business, including in connection with any bankruptcy or similar proceedings, we may transfer any and all personal data to relevant third parties.

Legal Compliance and Security

It may be necessary for us, by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence, to disclose your personal data. We may also disclose your personal data if we determine that, due to purposes of national security, law enforcement, or other issues of public importance, the disclosure is necessary or appropriate.

We may also disclose your personal data if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.

Data Transfers

Such disclosures may involve transferring your personal data out of the jurisdiction where you are located to the following countries: Japan, Czech Republic. These countries may change due to changes in the business environment.

Such transfers may take place for the purposes specified in 2 above. For each of these transfers, we make sure that we provide an adequate level of protection for the data transferred if required under applicable data protection laws; in particular, by entering into standard contractual clauses as defined by the European Commission decisions if the GDPR applies to us. If you seek to know how we ensure an adequate level of data protection, such as the details of the standard contractual clauses, please contact us using the contact information provided in 12 below.

5. Data Processing Records

We handle records of all processing of personal data in accordance with applicable data protection laws, both where we might act as a controller or as a processor.

6. Security Measures

We process your personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction, and damage.

We use appropriate technical or organizational measures to achieve this level of protection.

We will retain your personal data for as long as it is necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by applicable law.

7. Notification of Data Breaches to Competent Authorities

In case of a security breach leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed, we have mechanisms and policies in place in order to identify and assess it promptly. Depending on the outcome of our assessment, we will make the requisite notifications to the supervisory authorities and communications to the affected data subjects, which might include you if required by applicable data protection laws.

8. Processing Likely to Result in High Risk to Your Rights and Freedoms

We have mechanisms and policies in place to identify data processing activities that may pose a high risk for your rights and freedoms. If any such data processing activity is identified, we will assess it internally and either stop it or ensure that the processing is compliant with applicable data protection laws or that appropriate technical and organizational safeguards are in place in order to proceed with it. In case of doubt, we will contact the competent authority in order to obtain their advice and recommendations.

9. Your Rights

You may have the following rights regarding personal data collected and processed by us, subject to applicable data protection laws:

1. Information regarding data processing: You have the right to obtain from us all the requisite information regarding our data processing activities that concern you.
2. Access to personal data: You have the right to obtain from us confirmation as to whether personal data concerning you is being processed and, where that is the case, to access the personal data and certain related information.
3. Rectification or erasure of personal data: You have the right to demand that we correct any inaccurate personal data concerning you without undue delay or that we complete any incomplete personal data. You may also have the right to demand that we erase personal data concerning you without undue delay, when certain legal conditions apply.
4. Restriction on processing of personal data: You may have the right to demand that we restrict the processing of personal data, when certain legal conditions apply.
5. Objection to processing of personal data: You may have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, when certain legal conditions apply.
6. Data portability of personal data: You may have the right to receive your personal data in a structured, commonly used, and machine-readable format and the right to transmit that data to another controller without hindrance, when certain conditions apply.
7. Not to be subject to automated decision-making: You may have the right not to be subject to automated decision-making (including profiling) based on the processing of your personal data, insofar as this produces legal or similar effects on you, when certain conditions apply.

Please note that the rights above may be granted to you if the GDPR applies to us in our processing of your personal data. Subject to applicable data protection laws, some of the rights above may not be granted to you.

If you intend to exercise such rights, please contact us using the contact information provided in 12 below.

If you are not satisfied with the way in which we have proceeded with any request, or if you have any complaint regarding the way in which we process your personal data, you may lodge a complaint with the competent authority.

10. Links to Other Sites