Article 1 (Statement on Our Company's Personal Information Protection)

The protection of your personal information is extremely important to U/M/A/A Inc. (hereinafter referred to as "our company"), and this Personal Information Protection Policy (hereinafter referred to as "this policy") explains how our company collects and processes the personal information provided or disclosed by customers to our company as a data controller. Our company also controls data when processing personal information received or obtained through third parties. Our company processes this personal information in accordance with the General Data Protection Regulation No. 2016/679 (hereinafter referred to as "GDPR"), particularly the data protection regulations of the applicable EU and EU member states.

This policy supplements the "Privacy Policy," especially regarding the General Data Protection Regulation in the EU.

We kindly request that you review this policy. If you do not wish for our company to use your personal information as described in this policy, please do not provide your personal information to us. Please note that in such cases, our company may not be able to provide our services, and you may not be able to access certain website features and/or use those features, which may affect your customer satisfaction.

Article 2 (Use of Customer's Personal Information)

Our company always processes your personal information based on one of the legal grounds specified in the GDPR (Article 6 and Article 7 of GDPR). Our company also always processes sensitive information such as union membership status, religious beliefs, and health conditions in accordance with the special criteria specified in the GDPR (Article 9 and Article 10 of GDPR).

Our company may collect and process your personal information for the following purposes that are detailed below, which are necessary to pursue legitimate interests and provide you with appropriate services and products:

・Provide products and services to customers.
・Manage your account.
・Ensure that the content of our company's website is displayed to you most effectively.
・Inform you about changes to our services.
・Inform you about our policies and terms.
・Improve safety and security by monitoring fraudulent, suspicious, or potentially illegal activities and investigating violations of our policies or terms.
・Provide, improve, and create products, services, and advertising.
・Use personal information for data analysis, surveys, and audits.
・Ensure the continuity of our business.

In addition, with your explicit consent, our company may collect and process your personal information for the following purposes:

・Provide information that may interest you.
・Enable your participation in interactive features of our services (if you choose to).
・Manage the subscription to newsletters.
・Jointly use your personal information with third parties (partner companies) that may provide you with information about our products and services.
・Conduct business analysis.

You can withdraw your consent at any time. However, the lawfulness of the processing of personal information based on consent before its withdrawal will not be affected.

Our company will process your data only for the specific, explicit, legitimate purposes identified above. It will not further process the data in a manner that is incompatible with those purposes. If our company intends to process data initially collected for one purpose for a different purpose, we will inform you of this. Our company will retain your personal information as long as it is necessary to comply with our legal obligations, ensure the provision of appropriate services, and maintain our business activities (GDPR Article 5 and GDPR Article 25, paragraph (2)).

Article 3 (Types of Personal Information Used)

Our company may collect the following categories of personal information for the purposes stated in this policy:

・Home address
・Identification number (customer number, etc.)
・Email address (personal/business)
・Phone number (personal/business)
・Location data
・Online identifiers (IP address, cookie identifiers)・
・Credit card/bank account information

Suppose you decide to provide our company with your personal information (i.e., by filling out forms displayed on the website). In that case, we may directly obtain your personal information from you or indirectly obtain it through your electronic communication terminal device or internet browser providing it to our company. Our company ensures that the processed personal information is relevant, suitable, and limited to what is necessary for the purpose of processing.

Article 4 (Regarding the Sharing of Personal Information)

In accordance with GDPR, we may share your personal information with third parties. When sharing your data with data processors, we will establish appropriate legal frameworks for the transfer and processing of data (GDPR Articles 26, 28, and 29). Furthermore, we share your data with organizations outside the EEA. In that case, we will ensure the appropriate legal frameworks, particularly the Standard Contractual Clauses between controllers approved by the European Commission (2004/915/EC) and the Standard Contractual Clauses between controllers and processors (2010/87/EU), are properly in place (GDPR Articles 44 and onwards).

・Strategic Business Partners

With your consent, your personal information may be transferred to, stored, and further processed by strategic business partners collaborating with us to provide our products and services or support marketing efforts toward customers. We will only share your personal information with strategic business partners to deliver or improve our products, services, and advertisements.

・Affiliated Companies and Corporate Restructuring

We may share your personal information with all our affiliated companies. In mergers, corporate reorganization, insolvency or civil rehabilitation proceedings, acquisitions, joint ventures, transfers, spin-offs, sales, or dispositions (including those related to bankruptcy or similar proceedings), we may transfer all personal information to relevant third parties.

・Service Providers

We may share your personal information with various companies that provide services to us, such as hosting, maintenance, support services, email services, marketing, auditing, order processing, payment processing, data analysis, customer service, and conducting customer surveys and satisfaction assessments.

・Compliance with Laws and Security
We may disclose your personal information if required by law, legal proceedings, litigation, or requests from public authorities and government agencies in your country or abroad. We may also disclose your personal information if necessary or appropriate for national security, law enforcement, or other socially important issues.

We may also disclose your personal information to protect our rights, seek available remedies, enforce our terms of use, investigate fraud, or protect our business or users if such disclosure is reasonably deemed necessary.

・Data Transfers

The aforementioned disclosures may involve transferring your personal information from the European Union to the following countries: Japan and the United States (these countries may change due to changes in the business environment).

Such transfers may be carried out for purposes such as employee personnel evaluation, salary processing, expense payment, and contact with business partners. For each of these transfers, we will ensure an appropriate level of protection for the data subject to transfer. In particular, we will adhere to the Standard Contractual Clauses determined by the European Commission (2001/497/EC, 2002/16/EC, 2004/915/EC, and 2010/87/EU).

Article 5 (Record of Data Processing)

Whether functioning as a data controller or data processor, we will handle records concerning all processing of personal information in accordance with the obligations specified by GDPR (GDPR Article 30). In these records, we will reflect all necessary information for compliance with GDPR and cooperation with supervisory authorities (GDPR Article 31).

Article 6 (Security Measures)

We process your personal information using appropriate security measures (including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage). To achieve such protection levels, we will implement appropriate technical and organizational measures (GDPR Article 25(1) and Article 32).

Except where legally required or permitted for longer retention periods, we will store your personal information only for the period necessary to achieve the purposes outlined in this policy.

Article 7 (Notification of Data Breaches to Supervisory Authority)

To prepare for accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access that may affect the transfer, storage, or other processing of personal information, we have established mechanisms and guidelines to detect and assess potential breaches promptly. Depending on the result of our assessment, we will notify the supervisory authority as required and contact data subjects, including customers, who may be impacted (GDPR Articles 33 and 34).

Article 8 - Processing with High Risks to Customer Rights and Freedoms

We have established mechanisms and guidelines (GDPR Article 35) to detect data processing activities that may pose a high risk to your rights and freedoms. If such data processing activities are identified, we will evaluate them internally and either stop the processing, implement appropriate technical and organizational measures to ensure GDPR compliance or continue the processing.

In case of any doubts, we will contact the relevant data protection supervisory authority for advice and suggestions (GDPR Article 36).

Article 9 - Customer Rights

You have the following rights regarding the personal data collected and processed by us:

Information on Data Processing: You can obtain all necessary information about our data processing activities related to you (GDPR Articles 13 and 14).

Access to Personal Data: You have the right to confirm whether your personal data is being processed and access the personal data and related information if it is being processed (GDPR Article 15).

Rectification or Erasure of Personal Data: You can have any inaccurate personal data concerning you rectified without undue delay and have incomplete personal data completed (GDPR Article 16). You may also request the erasure of your personal data without undue delay if GDPR requirements are met (GDPR Article 17).

Restriction of Processing: If GDPR requirements are met, you can request us to restrict the processing of your personal data (GDPR Article 18).

Objection to Processing: If GDPR requirements are met, you have the right to object, on grounds relating to your particular situation, to the processing of your personal data at any time (including profiling) (GDPR Article 21).

Data Portability: If GDPR requirements are met, you can receive your personal data in a structured, commonly used, and machine-readable format and have the right to transmit such data to another controller without hindrance from us (GDPR Article 20).

No Automated Decision-Making: If GDPR requirements are met, you may not be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (GDPR Article 22).

If you wish to exercise any of the above rights, please refer to the contact information section.

Suppose you are dissatisfied with our response to your requests or have complaints about how we process your personal data. In that case, you have the right to complain with the data protection supervisory authority.

Article 10 - Children

We do not intentionally collect or process information about children under 16 without parental consent. If we discover that we have collected and processed the personal data of children under 16 or the minimum age requirement as per GDPR and different EU member state laws without appropriate consent, we will take prompt measures to delete such information. If you become aware that a child under 16 has provided personal information to us, please contact us immediately using the contact details provided in this policy.

Article 11 - Links to Other Sites

We may propose hypertext links to third-party websites or internet sources from the website where this policy is posted. We do not manage or take responsibility for handling and content of third-party personal data protection. We urge you to carefully read the privacy policies of those third parties and understand how they collect and process your personal data.

Article 12 - Updating this Policy

We may revise or update this policy from time to time. Changes to this policy will become effective upon posting the revised version. If we make significant changes that we consider important, we will notify you to the extent possible through the website and, if necessary, seek your consent.

iam8bit japan & asia Customer Support
c/o  U/M/A/A Inc. 
Espace Tete #001, Minami-Azabu 1-3-2, Minato-ku, Tokyo, 106-0047, JAPAN