GDPR Notice

Japan is not in the EU/EEA. This page explains GDPR-style principles and rights as a transparency notice for EU/EEA visitors and clients where GDPR may be applicable.

1) When GDPR may apply

GDPR can apply in certain cross-border situations, such as when services are offered to individuals in the EU/EEA. If GDPR applies to your situation, the rights and principles below describe how we aim to handle personal data. If local law provides different mandatory rights, we respect those as applicable.

2) Data processing principles

  • Lawfulness, fairness, transparency: we explain what we do and why.
  • Purpose limitation: we use data for the stated purposes.
  • Data minimization: we request only what is needed.
  • Accuracy: we keep data reasonably accurate and up to date.
  • Storage limitation: we retain data only as long as necessary.
  • Integrity and confidentiality: we use reasonable safeguards.
  • Accountability: we maintain internal practices appropriate to the service.

3) Lawful bases (where applicable)

Depending on the context, we may rely on:

  • Consent (e.g., contact forms with consent checkbox).
  • Contract or steps prior to entering a contract (e.g., to provide requested services).
  • Legitimate interests (e.g., website security and service improvement, balanced against your rights).
  • Legal obligation (where required).

4) Data subject rights

Where GDPR applies, you may have the following rights:

  • Right of access: obtain confirmation and a copy of your personal data.
  • Right to rectification: correct inaccurate or incomplete data.
  • Right to erasure: request deletion in certain circumstances.
  • Right to restrict processing: limit processing in certain circumstances.
  • Right to data portability: receive certain data in a structured, commonly used format.
  • Right to object: object to processing based on legitimate interests in certain circumstances.
  • Right to withdraw consent: where processing is based on consent.

5) How to exercise rights

Email [email protected] with your request. Please include sufficient detail for us to locate relevant data. We may request reasonable verification.

6) Processors and sub-processors

We may use service providers (processors) for hosting and security. We aim to use contractual safeguards and confidentiality obligations appropriate to the scope of services.

7) International transfers

Data may be processed outside the EU/EEA depending on hosting/provider locations. Where GDPR applies, we aim to use appropriate safeguards (such as contractual measures) suitable for the data type and risk profile.

8) Retention

We retain personal data for as long as needed to fulfill the purposes described in the Privacy Policy and to comply with applicable laws. Retention decisions consider the nature of the data, service duration, and potential dispute resolution needs.

9) Supervisory authority

Where GDPR applies, you may have the right to lodge a complaint with a supervisory authority in your EU/EEA member state of residence, work, or where an alleged infringement occurred.

10) Contact

GDPR-related questions: [email protected]

Effective date: 2026-02-14