Privacy Policy | SPACECOOL INC.

SPACECOOL

Contact us

Privacy Policy

TopPrivacy Policy

SPACECOOL INC. and SPACECOOL Europe GmbH (each, the “Company”) hereby establish this Privacy Policy (this “Policy”) as follows, concerning the handling of personal information in the provision of services on the Company’s website, the sales of the Company’s products, the provision of the Company’s services, and in any other of the Company’s other business operations.

Article 1.    Personal Data
“Personal Data” in this Policy means any information relating to an identified or identifiable natural person.
  • (1) An “identifiable natural person” is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, or location data, an online identifier (including any collected through cookies), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • (2) A “cookie” is a small text file which can store details of the customer’s access to the Company’s websites on the customer’s computer (including devices that can be connected to the internet such as smartphones, tablets, etc.). For details of the use of “cookies” on the Company’s websites, please see our cookie policy (https://spacecool.jp/en/cookie_policy/).
Article 2.    Methods of Collecting Personal Data
The Company may obtain Personal Data from a data subject who possesses such Personal Data in any of the manners set forth below:
  • (1) Receiving information directly from the data subject:
    Name, date of birth, gender, address, postal code, telephone number, facsimile number, email address, membership ID, password, bank account number, credit card number, company name, department name, job title, IP address, etc.;
  • (2) Collecting and generating information by automated means:
    An online identifier such as a cookie, device information, location information, activity records, etc.;
  • (3) Receiving information from a third party:
    In addition, the Company may obtain Personal Data as stated in Item (1) above using legal and appropriate means indirectly from the Company’s suppliers, customers and business partners, etc.

There may be cases where the Company must obtain certain Personal Data in order to manage its business. In such case, the Company sets forth the Personal Data that must be obtained. If the Company is unable to obtain such Personal Data, this may cause hindrance to the appropriate management of the Company’s business (for example, the Company may not be able to provide all or part of the services to its customers).
Article 3.    Legal Basis for Processing Personal Data
Except in the cases set forth below, the Company does not collect, record, organize, transfer or otherwise handle (collectively, “process”) any Personal Data. Even if Personal Data is processed in accordance with the consent given pursuant to the following Item (1), the data subject may withdraw his/her consent at any time.
  • (1) the data subject has given consent to the processing of his/her Personal Data for one or more specific purposes set forth in Article 4 or added or changed in accordance with Article 5;
  • (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • (3) processing is necessary for compliance with a legal obligation to which the Company is subject;
  • (4) processing is necessary in order to protect the vital interests of the data subject or another natural person;
  • (5) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company; or
  • (6) processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of his/her Personal Data.
Article 4.    Purposes of Collecting and Using Personal Data / Legal Basis for Processing Personal Data
The Company’s purposes for collecting and using Personal Data shall be as follows.
  • (1) To authenticate individuals on the websites operated by the Company and to provide services on such websites:
    Legal basis: performance of contracts, legitimate interests (including the interests of performing the Company’s business)
  • (2) To make contact as necessary in transactions with the Company and use of products or services, and to send or deliver e-mail newsletters, direct mail and various notifications, etc.:
    Legal basis: performance of contracts, legitimate interests (including the interests of performing the Company’s business) or consent (limited to cases where required by the applicable laws or regulations).
  • (3) To implement campaigns, questionnaires, monitoring and media coverage, etc. relating to the websites, products or services of the Company:
    Legal basis: legitimate interests (including the interests of performing the Company’s business/sales operations)
  • (4) To collect and analyze data to maintain and improve convenience and quality relating to the websites, products or services operated by the Company:
    Legal basis: legitimate interests (including the interests of improving and developing the Company’s services)
  • (5) To distribute and display advertisements and content, etc. based on attribute information, device information, location information and behavior history, etc.:
    Legal basis: legitimate interests (including the interests of performing the Company’s business/sales operations) or consent (limited to cases where required by the applicable laws or regulations)
  • (6) To improve the services and products operated or provided by the Company, and to develop and market new services and products:
    Legal basis: legitimate interests (including the interests of improving and developing the Company’s services)
  • (7) To respond to opinions, inquiries and comments on social networking sites, etc. with respect to the Company:
    Legal basis: legitimate interests (including the interests of performing the Company’s business)
  • (8) To provide recruitment information, make contact with, and manage recruitment affairs of, applicants for employment with the Company:
    Legal basis: performance of contracts or legitimate interests (including the interests of performing the Company’s business)
  • (9) To pay salaries to employees, provide employee benefits, and manage social insurance administration:
    Legal basis: performance of contracts or legitimate interests (including the interests of performing the Company’s business)
  • (10) To conduct evaluation of employees, and labor management including attendance management:
    Legal basis: performance of contracts or legitimate interests (including the interests of performing the Company’s business)
  • (11) To deliver and send inquiries or notices relating to any acts that may interfere with or infringe upon the rights or business/sales operations of the Company or the Company’s customers:
    Legal basis: compliance with legal obligations or legitimate interests (including the interests of performing the Company’s business)
  • (12) To operate, provide, improve and develop the Company’s business and services:
    Legal basis: performance of contracts or legitimate interests (including the interests of improving or developing the Company’s services)
  • (13) To analyze information including browsing history or purchase history, etc., obtained in the media of the Company or any third party, and to deliver advertisements on the products or services of the Company or any third party in line with the customer’s hobbies, preferences, interests or concerns:
    Legal basis: consent (limited to cases where required by the applicable laws or regulations) or legitimate interests (including the interests of performing the Company’s business/sales operations).
Article 5.    Changes and Additions to the Purposes of Using Personal Data
  • (1) The Company may only make changes or additions to the purposes of using Personal Data in the event that it is reasonably recognized that such purposes of using Personal Data are relevant to the purposes before such change or addition.
  • (2) In the event that there are any changes or additions to the purposes of using Personal Data, the Company shall notify users or publish an announcement on its websites of any changed or additional purposes of using Personal Data in the manner prescribed by the Company, before processing the Personal Data in accordance with such changed or additional purposes.
Article 6.    Management of Processors
In the event that the Company outsources all or part of the Personal Data processing, the Company shall enter into a contract with the processor that includes provisions maintaining confidentiality or otherwise seek an agreement on the terms stipulated by the Company, and shall then perform the necessary and appropriate supervision to ensure that the processor safely manages the Personal Data.
Article 7.    Provision of Personal Data in Connection with Outsourcing the Processing Thereof
The Company may outsource the processing of Personal Data to the business operators, etc. listed below for the purposes specified in Article 4:
  • (1) Processors such as service providers for providing the Company’s services; and
  • (2) Attorneys, certified public accountants, certified public tax accountants and other advisors.
Article 8.    Provision of Personal Data to Third Parties
The Company shall not provide a data subject’s Personal Data to any third party except in the following cases:
  • (1) where the data subject’s consent is obtained;
  • (2) where the provision of Personal Data is required under the laws and regulations;
  • (3) where it is necessary for the protection of a person's life, body or property, and it is difficult to obtain the data subject’s consent;
  • (4) where it is particularly necessary for the improvement of public health or the promotion of the sound development of children, and it is difficult to obtain the data subject’s consent;
  • (5) where it is necessary to cooperate with a national government agency, a local public body, or a person entrusted thereby in performing the duties prescribed by the laws and regulations, and where obtaining the data subject’s consent may impede the execution of such duties; and
  • (6) other cases specified as exceptions by the laws and regulations.

Notwithstanding the foregoing, if a data subject consents to this Policy, the Company may provide advertising service providers with information that has been processed to reduce the possibility of identifying a specific individual, for the purpose of delivering targeted advertisements.
Article 9.    Joint Use of Personal Data
The Company may jointly use the data subject’s Personal Data with other parties as set forth below.
  • (1) Purposes of joint use
    Purposes set forth in Article 4
  • (2) Information to be jointly used
    Personal Data set forth in Article 2
  • (3) Scope of persons that jointly use Personal Data
    The Company and its subsidiaries or affiliates
  • (4) Person responsible for managing Personal Data
    SPACECOOL INC.
    4th Floor, Toranomon Hills Business Tower 1-17-1
    Toranomon, Minato-ku, Tokyo, 105-6404 Japan
    Representative Director and CEO: Masahiro Suemitsu
Article 10.    Cross-Border Transfer of Personal Data
The Company may transfer the data subject’s Personal Data to third countries outside the data subject’s country of residence (or outside the EU for customers in the EU) (the “Cross-Border Transfer”) for the purposes set forth in Article 4.

When transferring a data subject’s Personal Data to a third country, the Company may effect such transfer, in compliance with the applicable laws and regulations, (i) to a country that has received an adequacy decision, (ii) to implement measures required to protect Personal Data, such as execution of standard contractual clauses prescribed by the supervisory authority, or (iii) by obtaining the data subject’s consent.

In the case of a Cross-Border Transfer of Personal Data with the data subject’s consent, the details of such transfer required in accordance with the applicable laws and regulations are as follows.
  • (1) Names of Foreign Countries: [Germany, USA]
  • (2) Personal Data Protection Systems in Foreign Countries: For information on the personal information protection systems in foreign countries, please visit the Personal Data Protection Commission's website (https://www.ppc.go.jp/enforcement/infoprovision/laws/).
  • (3) Measures for Protection of Personal Data Taken by Third Parties to Which Personal Data is Transferred: [The third parties to which Personal Data is provided have taken all measures corresponding to the eight principles set forth in the OECD Privacy Guidelines ((1) Collection Limitation Principle, (2) Data Quality Principle, (3) Purpose Specification Principle, (4) Use Limitation Principle, (5) Security Safeguards Principle, (6) Openness Principle, (7) Individual Participation Principle, and (8) Accountability Principle)].

For detailed information, such as obtaining a copy of the standard contract clauses, etc., please make an inquiry using the inquiries counter specified in Article 14.
Article 11.    Safety Control Measures
The Company shall take necessary and appropriate organizational, personal, physical and technical security control measures to protect the information obtained. For details of the safety control measures, please make an inquiry using the inquiry counter specified in Article 14.
Article 12.    Rights Pertaining to Personal Data
Data subjects may contact the counter specified in Article 14 at any time to exercise their rights to the Personal Data held by them. Upon receiving such a notice from a data subject, the Company shall respond appropriately in accordance with the laws and regulations applicable in the jurisdiction of the data subject. Depending on the applicable law, the rights relating to the data subject’s Personal Data may include the following:
  • (1) Right of access;
  • (2) Right of rectification;
  • (3) Right to erasure (right to be forgotten);
  • (4) Right to restrict processing;
  • (5) Data portability rights;
  • (6) Right of objection;
  • (7) Right not to be subject to a decision based solely on automated processing, including profiling; and
  • (8) Right to challenge the supervisory authority.
Article 13.    Personal Data Retention Period
The Company shall retain Personal Data for the retention period legally specified in each EU member state and in Japan. The Company shall immediately and safely delete Personal Data after the elapse of such period unless it is necessary for the execution of contracts or other processing purposes.
Article 14.    Contact
For inquiries about this Policy, please contact the counter of the controllers below:

[SPACECOOL INC.]
4th Floor, Toranomon Hills Business Tower 1-17-1
Toranomon, Minato-ku, Tokyo, 105-6404 Japan
Company Name: SPACECOOL INC.
Email: info@spacecool.jp

[SPACECOOL Europe GmbH]
Address: Schellingstr. 109a, 80798 Munich
Company Name: SPACECOOL Europe GmbH
Email: info@spacecool.jp