Privacy Policy

 

NAKAMURA-TOME PRECISION INDUSTRY CO., LTD. (hereinafter called “we,” “us,” or “our”) have defined our Privacy Policy in handling the personal information of individuals (called “Individual User”) or corporate personnel (called “Corporate User”) using this service as described below.

 

1. Compliance with Laws

1.1. We declare that we shall observe laws and regulations concerning privacy protection or personal information protection of Japan (hereinafter called “Act on the Protection of Personal Information”) in handling the personal information of Individual User and Corporate User (hereinafter called “User”).

1.2. We declare that we shall observe laws and regulations of General Data Protection Regulation (GDPR) and UK General Data Protection Regulation (UK GDPR) in handling the personal information of the User using this service in European Economic Area (EEA) and in the United Kingdom.

1.3. We declare that we shall observe laws and regulations of California Consumer Privacy Act (CCPA) and, after the enforcement of California Privacy Rights Act (CPRA), CPRA, in handling the personal information of the User using this service in the state of California in the United States.

 

2. Personal Information (Personal Data) We Collect

2.1. We collect the following types of personal information (personal data) at the user registration of this service.

(1) For Corporate User

(a) Name of Corporate User

(b) Corporate name where Corporate User belongs

(c) Address, telephone number, and fax number where Corporate User is assigned in the corporation

(d) Job title of Corporate User in the corporation

(e) Email address used by Corporate User

(2) For Individual User

(a) Name of Individual User

(b) Address, telephone number and fax number of Individual User

(c) Email address used by Individual User

2.2. We collect the IP address of the device used to access this service.

 

3. Purpose of Use of Collected Personal Information (Personal Data)

3.1. We use the personal information (personal data) we collect for the following purposes.

(a) To provide information regarding updating or maintenance of this service or the software we distribute within this service

(b) To support and respond to the User inquiries when we receive an inquiry regarding this service or the software we distribute within this service

(c) To grasp information related to installation site on a device where the software distributed in this service is to be installed, and to manage that information within the scope necessary to be compliant with export control regulations under the Foreign Exchange and Foreign Trade Law.

3.2. We may use the collected IP address of the device for the purpose of, in the event of illegal access to, or illegal use of this service, tracing its attacker.

 

4. Retention Period of Personal Information

4.1. The personal information (personal data) of the User shall be kept until the User resigns from the user registration.

4.2. The personal information (personal data) of the User shall be deleted upon termination of the user registration except for the information regarding the installation site on the device where the backup data or software distributed within this service has been installed.

4.3. We back up the personal information (personal data) of the User for at a maximum of the past six (6) months in order to prevent a case from not offering this service due to the loss of the User’s personal information (personal data). Therefore, we may continue to store the User’s personal information (personal data) from necessity for the maximum of six (6) months after the User resigns from the user registration.

4.4. We shall, in order to be compliant with the export control regulations under the Foreign Exchange and Foreign Trade Law in Japan, continue to keep the information regarding the installation site on the device where the software distributed in this service is installed even after the User resigns from the user registration.

 

5. Security Measures for Personal Information based on the Act on the Protection of Personal Information

5.1. We shall save personal data of the User (used in referring to “Personal data” defined in the Act on the Protection of Personal Information, and used in the same meaning set forth in 5.1. to 5.6.) on our in-house server located in Japan and on a domestic server offered by Amazon Web Service (AWS). As for AWS, we shall perform an appropriate region setting so as not to transfer Users’ personal data outside Japan.

5.2. We shall establish a committee for personal information protection assigning a chief privacy officer in the committee and a personal information protection manager in each division, and shall manage the personal data systematically and continuously in accordance with the guidelines published by the committee.

5.3. We shall continue to conduct employee training with respect to the protection of personal data, and shall take measures to ensure that employees treat personal data as confidential information.

5.4. As for in-house server to be used for managing the personal data, we shall take proper measures physically such as security measures of a server room in order to prevent occurrence of damages caused by physical destruction or theft, etc., along with technical measures, for instance, installation of robust server that can protect from illegal access or other threats, necessary control of access, and fraud monitoring system, and so on.

5.5. In the management of personal data via AWS, we shall take technical measures, including necessary control of access, introduction of multi-factor authorization, and fraud monitoring system.

5.6. We shall periodically review the measures of those mentioned in provisions 5.1 to 5.5, and continue to make efforts to be improved.

 

6. Commission for Handling Personal Information and Provision to Third Parties

6.1. Upon receiving inquiries on this service or on the software we distribute within this service from the User, we may commission overseas distributors for its support service if it is necessary to support the User for answering its inquiries. In such cases, we may provide such overseas distributors with the personal information mentioned below.

(1) For Corporate User

(a) Name of Corporate User

(b) Corporate name where Corporate User belongs

(c) Job title of Corporate User in the corporation

(d) Email address used by Corporate User

(2) For Individual User

(a) Name of Individual User

(b) Email address used by Individual User

6.2. Upon commissioning overseas distributors for handling the personal information, we shall, pursuant to the provision of 6.1, select parties we can entrust for handling the personal information. We shall also conclude a contract on handling the personal information with overseas distributors. In the event of overseas distributor locating outside of Japan except for EEA area and the United Kingdom, we shall include provisions obligating the handling of the personal information equivalent to those required in the Act on the Protection of Personal Information, and shall supervise its overseas distributors.

6.3. We shall not provide any personal information of the User to third parties, excluding cases mentioned in the provision 6.1, or allowed by the Act on the Protection of Personal Information.

 

7. Request for Disclosure of Retained Personal Information based on the Act on the Protection of Personal Information

7.1. In the event that, pursuant to the provisions defined in the Act on the Protection of Personal Information, we are requested to notify the purposes of use of the retained personal data from the User (referred to as “retained personal data” defined in the Act on the Protection of Personal Information, and the same shall be applied from 7.2 to 7.4 below), disclose, correct, add, or delete the retained personal data, or that we receive requests for cessation or deletion of use, or cessation of providing its retained personal data to the third parties (hereinafter called “requests for disclosure of the retained personal data”), we shall respond those requests appropriately based on the Act on the Protection of Personal Information.

7.2. In the event that the User hopes for the requests for disclosure of the retained personal data, please send an email to the address below. We shall then notify how to provide us the data of the User’s ID verification documents (in the event of an agent exercising its right, the data of the agent’s ID verification documents additionally), and how to request the disclosure of the retained personal data in the reply. We do not accept any requests by methods other than above.

[Contact address]

Customer support for NT Update

7.3. In the event that we receive requests set forth in 7.2., we shall respond to the User’s requests for disclosure of the retained personal data only if the User’s ID is confirmed (in the event of an agent exercising its right, the agent’s ID is confirmed additionally) by the methods we provided to the User.

7.4. In the event that we disclose the retained personal data in writing at a request of the User or an agent of the User, we charge 1,000 yen/case in advance for commission along with shipping cost to a desired destination.

7.5. The Kanazawa District Court shall have exclusive jurisdiction of the first instance for the procedure for requests for disclosure of the retained personal data.

 

8. Our Information

[Corporate name] NAKAMURA-TOME PRECISION INDUSTRY CO., LTD.

[Address] Ro 15 Netsuno, Hakusan, Ishikawa, 920-2195 Japan

[Representative’s name] Shogo Nakamura

 

9. Inquiries

Inquiries regarding the handling of the personal information shall be accepted below.

[Contact address]

Customer support for NT Update

 

10. Indication for User using this Service in EEA Area or in the United Kingdom

(Note) The provisions set forth from 10.1. to 10.10. apply to the User using this service in EEA area or in the United Kingdom.

 

10.1. Purpose of Use of Collected Personal Data and Legality for its Handling

10.1.1. We use the User’s personal data for the purposes set forth in the provisions 3.1.(a) and (b). Such use of the personal data is legal under both GDPR and UK GDPR because such use of the data falls under the required handling of the personal data in order to execute the contract with the User using this service or using the software distributed in this service. For clarity, providing such personal data is a contractual requirement in order for the User to use this service. Without the provision of such personal data, the User is unable to use this service.

10.1.2. We use the User’s personal data for the purposes set forth in the provision 3.1 (c). Since it is necessary for us to legally provide the software to the User located outside Japan, that is, such use of the personal data is legal under both GDPR and UK GDPR because such use of the data falls under the required handling of the personal data in order to execute the contract with the User using this service or using the software distributed in this service. For clarity, providing such personal data is a contractual requirement for the User to use this service. Without the provision of such personal data, the User is unable to use this service.

10.1.3. We use the User’s personal data for the purposes set forth in the provision 3.2. Since it is necessary for us to prevent the User in bad faith from interrupting the provision of this service or software within this service, such use of the personal data is legal under both GDPR and UK GDPR because such use of the data falls under the required handling of the personal data for legitimate interest of us. (Regarding a balancing test for legitimate interest, contact the address mentioned in 10.8.) For clarity, providing such personal data is not a contractual requirement, however, without the provision of such personal data, the User is unable to use this service.

 

10.2. Use of AWS to Save the Personal Data

10.2.1. We may save personal data of the User to a domestic server offered by Amazon Web Service (AWS). A provider of AWS is deemed to be a processor in this case, however, it is compliant with GDPR and UK GDPR including the protection measures for information security. For the avoidance of doubt, setting the AWS region prevents the transfer of the Users’ personal data saved on the server in Japan to a server outside Japan.

10.2.2. For details on the compliance to the GDPR and UK GDPR of AWS, please refer to the link below.

https://aws.amazon.com/jp/compliance/gdpr-center/

 

10.3. Commission for Handling Personal Data to Distributors

10.3.1. In the case set forth in 6.1., we shall conclude a contract with distributors to require all the following provisions in addition to the measures mentioned in the provision 6.2.

(a) Not handling the received personal data in the methods other than those specified in a written document from us.

(b) Making employees handling the personal data pledge maintenance of confidentiality, and performing the information security management required under the GDPR and UK GDPR

(c) Not making other employees or business entities handle the personal data

(d) Supporting fulfillment of obligations we assume under GRPR and UK GDPR

(e) Deleting all the personal data including copies after business we commission to its distributor is terminated

(f) Saving documents that can prove the observation of the provisions from (a) to (e), accepting audit by our auditor, or auditor commissioned by us, and making necessary information for audit available to us and aforementioned auditor

10.3.2. In the case of 6.1., in the event that the User selects other than “Teximp” as an overseas distributor, we shall not provide the personal data of the User in EEA area or the United Kingdom to distributors located other than EEA area and the United Kingdom.

10.3.3. In the case of 6.1., in the event that the User selects “Teximp” as an overseas distributor, we may provide the personal data of the User to headquarters of Teximp located in Switzerland and branch offices of Teximp in EEA area.

10.4. Right to Access

The User has the right to confirm to us if we are handling the personal data regarding the User. Moreover, if we are handling the personal data, the User has the right to access certain information such as purposes of handling its personal data, and categories, etc.

 

10.5. Right to Make us Correct or Delete the Personal Data

The User has the right to make us correct the incorrect personal data regarding the User without undue delay.

 

10.6. Right to Restrict the Handling

The User has the right to restrict the handling of the personal data to us if the doubt exists with us for the accuracy of the personal data, or if other certain requirements are satisfied.

 

10.7. Right to Express Dissent against Handling

The User has the right to express dissent to us for the handling of the personal data regarding the User if certain requirements are satisfied.

 

10.8. Right for Data Portability

The User can receive the personal data regarding the User in a structured, commonly used, and machine-readable form if certain requirements are satisfied. In addition, the User has the right to transmit its personal data to other administrators without being precluded by us.

 

10.9. Contact Address to Execute the Rights

In the event that the User wishes to execute the rights mentioned in the provisions 10.4. to 10.8., please send an email to the address mentioned below attaching the ID verification data that can confirm the User themselves (in the event of an agent exercising its right, the agent’s ID verification data additionally).

[Contact address]

Customer support for NT Update

 

10.10. Not Targeted for Automated Decision-Making

We shall not produce a legal effect to the User by the decision based solely on automated processing of the personal data of the User, or have an important influence on the User.

 

10.11. Right to Appeal to Supervisory Authorities

In the event that the User objects to our processing of the personal data, the User can appeal to the supervisory authority in the member states of GDPR or the United Kingdom where the User or User’s company is located or where a breach occurs.

 

10.12. Information on Representatives in the EU

[Corporate name] Nakamura-Tome Precision Industry GmbH

[Address] Max-Planck Str. 2 55218 Ingelheim am Rhein GERMANY

 

10.13. Information on Representatives in the UK

[Corporate name] Turning Technologies UK Ltd.

[Address] Wellesbourne Distribution Park Unit 16,Loxley RoadWellesbourne,CV35 9JY.

 

11. Indication for the User using this Service in the State of California in the United States

(Note) The provisions set forth from 11.1. to 11.8. apply to the User using this service in the state of California in the United States.

 

11.1. Sales and Share of Personal Information to Third Parties

11.1.1. We shall not sell or share the User’s personal information to third parties.

11.1.2. We save the User’s personal information on a domestic server offered by Amazon Web Service (AWS). In this regard, however, an administrator of AWS does not fall under the third parties of CCPA or CPRA. This is because the administrator of AWS restricts the access to the User’s personal information strictly, and takes measures to prevent the access other than us. In addition, such measures the administrator of AWS performs is obliged in the contract between the AWS administrator and us.

11.1.3. We may, pursuant to the provision in 6.1., provide the User’s personal information to distributors. In this regard, however, the distributors do not fall under the third parties of CCPA or CPRA. This is because we shall conclude a contract to cover all the provisions mentioned below between such distributors and us before we provide the personal information of the User located in the state of California in the United States to the distributors.

(a) Not to sell or share the User’s personal information

(b) To handle the User’s personal information to the extent of purposes of use of our commission

(c) Not to handle the personal information other than direct businesses with us

(d) Not to combine the User’s personal information we provide with other users’ personal information

 

11.2. General Obligations of Business Entities regarding Collection of Personal Information

After the enforcement of the CPRA, the User has the right to be announced about the terms hereof as a consumer when we collect the personal information of the User.

 

11.3. Right to Request Disclosure

The User has the right to request to disclose the personal information that we collect, use, disclose, or sell. The categories of the personal information that we collect are listed below. For the avoidance of doubt, all the personal information that we collect is obtained from the User themselves who is a consumer.

[The list of categories of the personal information]

(1) Identifier; Name of the user, email address used, address, telephone number, and/or fax number of the Individual User, and IP address of the device used by the User

(2) Professional or employment-related information; Corporate name where the Corporate User belongs, Address, telephone number, and/or fax number where Corporate User is assigned, and job title in the corporation

 

11.4. Right to Request Deletion

Under the provisions of the CCPA or CPRA, the user has the right to request deletion of the personal information we retain.

 

11.5. Right to Request Correction

Under the provisions of the CCPA or CPRA, the user has the right to request correction of the personal information we retain if such personal information is inaccurate.

 

11.6. Right of Opt Out of Sales

Under the provisions of the CCPA or CPRA, the user has the right to request to us not to sell the personal information we retain. Needless to say, we shall not sell any of such droit.

 

11.7. Right of Non-Discrimination

The User shall not be subject to any discrimination from us for the application of the rights stated in the CCPA or CPRA.

 

11.8. Inquiries

In the event that the User wishes to execute the rights listed in the provisions from 11.2. to 11.7. above, please send an e-mail to the address mentioned below attaching the ID verification data that can confirm the User themselves (in the event of an agent exercising its right, the agent’s ID verification data additionally).

[Contact address]

Customer support for NT Update

 

12. Revision of Privacy Policy

In the event that this Privacy Policy is revised, we shall announce the fact of revision, revision date, and its contents in this application.

 

13. Governing language

The governing language hereof shall be Japanese. This Privacy Policy may be translated into any language other than Japanese and published; provided, however, that the Japanese version shall prevail in the event that there arise any doubts or discrepancy between Japanese expression and that in other languages.

 

 

Revised on June 27, 2022

Established on April 1, 2022

Nakamura-Tome Precision Industry Co., Ltd.