Privacy Policy for GDPR

President Nobuya Yamanaka

This private policy for GDPR defines the basic items that must be complied to properly manage and operate the personal information handled by the Company.


This private policy (hereinafter refer to “The Policy”) for GDPR is for the purpose of informing our exercise as the data manager (or the personnel who process the data), that handling (includes collection, usage, storage, and disclosure, but not limited to those actions) of personal information that identified within European Economic Area (hereinafter referred to as “EEA”), or any information (hereinafter referred to as “personal data”) relating to an identified or identifiable natural person (hereinafter referred to as “data subjects”).
We respect the personal privacy rights, and we comply the laws and regulations (includes EU General Data Protection Regulation 2016/679 (hereinafter referred to as “GDPR”)) regarding protection of data and privacy.

2.Collection and its use of personal data

For improvement of our services, we may request you to provide personally identifiable information (includes the name, telephone number, address and password, but not limited to those information). The information we collet will be used for contacting you, or to identify you.

3.Log data

Based on the agreement for opt-in* by you whom is the data subject, we would like to inform that we may collect the log data that is your personal computer browser transmits to us. This log data is, your IP address, browser version, how you viewed the webpage, time and date of the viewing, how long you have stayed on the webpage, and other information such as statistics may be included.

*Opt-in … for example, an intention of the customer that customer gives consent in advance, such as when transmitting advertisement only to the customer gave consent in advance.


Cookie is a small piece of data file that is used in general as anonymous and unique identifier. Based on your Opt-in agreement, Cookie is sent from our website to your browser, and stored in your computer hard drive.
Our website may use these cookies for collecting information and improvement of our service. You have choice of accepting or refuse receiving the cookie, and you can know when a cookie is sent to your computer. If you chose to refuse our cookie, you may not be able to use some of our services.

5.Disclosure to outsourcing agent

We may outsource our operation to the third party company and individuals with the following reasons (example).

・To improve our services

・To delegate the service on behalf of us

・To analyze how our service is used by the customers

We may disclose personal data to those third party with the condition of this third party is implementing the safety management measures for protection of personal data, and abiding by the laws and regulations for protection of personal information.
When we outsource for processing personal data to the third party, we will not allow this third party to use the information rather than the purpose of its use. We authorize such third parties to process personal data only within our instructions and within applicable scope of laws and regulations.
Moreover, we are using Google Analytics that is web analytic service provided by the Google, Inc. (hereinafter referred to as “Google”) to grasp our homepage access situations. We may use Cookie, Web beacon, and other similar technology for providing the services. Cookie and Web beacon will be used for the statistical analysis as anonymous information, also it may be associated with information that identifies customers to provide more customized service with membership services.
We are also using user attribution that is compatible with the function for Google advertisement, and interest category report functions. Those functions can be opt-out (suspending the function) at the customer’s discretion.
Please refer below for how to optout.

Create link to [Google analytics optout ad-on]

Create link to [User attribution・interest category report optout]

6.Transferring personal data from EEA to non-EEA regions.

As a general principle, we will not transfer personal data from EEA to non-EEA regions. However, in the event that the Company has to make the above transfer, the transfer will be implemented only if at least one of the following conditions is met:

  1. (a)Transfer of personal information from the EEA to countries (Non-EEA region countries) where the European Commission has determined that the level of protection of personal data is sufficient. Japan is determined as sufficient as above by European Commission in January 2019.
  2. (b)When we transfer personal data from the EEA to the other party located in a non-EEA area upon entering into a data transfer (or processing) agreement with the other party to whom the data is transferred. This agreement shall include standard contracts that specified by the European Commission (to bring the same effects of protection as data subjects who resides in EEA to the non-EEA regions).
  3. (c)When applicable to one of the exceptions regulated in GDPR Article 49 “Exception in special circumstances”.

7.Information Security

The Company acknowledged the customers trust us to provide their personal data to us. Therefore, we will endeavor to handle personal data in a manner that is sufficient in light of business practices to protect personal data. The Company will limit access to personal data to those who need to handle as business operation, such as our employees, proxy, subcontractors and other third parties listed in the above “Disclosure to outsourcing agent”. The person handling the personal data is only allowed to process the personal data within the scope of our instructions and subject to confidentiality obligations.

8.Your privacy rights

People who resides in EEA regions have rights to access and manage their personal information. You are allowed to check, change or cancel your account* any time.

*What is an account…Rights to use terminal and network service described in the format of User ID etc. The system is used to uniquely identify users, providing functions such as providing a dedicated data storage area, recording individual settings, and providing authorized functions and services.
You have specific rights under the data protection law that apply to you. These rights include the followings :

  1. (i)Rights to request access to the personal data, and to obtain the copy of your personal data.
  2. (ii)Rights for request to amend and delete the personal data.
  3. (iii)Rights to restrict processing your personal data. And if applicable :
  4. (iv)Rights to restrict transferring of data.

In under special circumstances, you have rights to protest for processing of your personal data. When requesting such cases, please contact to the contact information listed at the end of this policy. The Company will implement reviewing and make actions for the requests according to applicable data protection law.

When we process your personal information based on your consent, you have rights to change your consent anytime. However, withdrawing of your consent will not be affecting the legality of data processing before withdrawing of your consent.
If you are residing in EEA, and your personal data is believed to be processed illegally, you have rights to claim to your local data protection supervisory body.Please refer the following URL for supervisory body information.

9.Account Information

By contacting the contact information at the end of this policy, you are always able to review / change your information of your account, or to cancel your account.
Upon your request of termination of the account, The Company shall inactivate or delete relevant account and relevant account information from our current database. However, some of the information may be kept for complying to prevent fraud, resolve issues, cooperate with public authorities in investigations, and comply with legal requirements.
Cookie and similar technology : Almost any web browsers are set to receive cookies by default. If user prefers, you can set your browser to delete and refuse to accept cookie. If the user delete cookie, or refuse to accept cookie, it may affect the website features and you may not be able to receive our service.

10.Link to the third party website

Our website may contain links to the website that operated by the third party. When the user clicks on the relevant third party website link, user will be led to the third party website. Please be noted that these external websites are not operated by us. Therefore, we would like to recommend the users to carefully review GDPR Privacy Policy on these external websites. We have no control authority over and shall not be responsible for the content or service of third party website, and its GDPR Privacy Policy or practices.

11.Privacy of minors

Our service is not targeted to the minors under 16 years old (or age that regulated by the local law). We do not knowingly collect personally identifiable information anyone under relevant age. If we discover that child under relevant age provided personal information to us, we shall immediately remove the information from our servers. If the user is a parent or a guardian, and if your child has provided us with personal information, please contact us and we will take appropriate actions, such as deleting the information.

12.Revising of this policy

We may revise our policies. Therefore, we recommend that you periodically check this policy for changes. We will inform you of these changes by posing the new policy on our website. These changes will take immediate effect upon posting on the website.


If you have any queries and opinions on the policy, please contact us below.


Address : 2-5-6 Shiba, Minato-ku, Tokyo, Japan

Division in charge : Optimus Group Company Limited, General Affairs & IR Unit