Privacy Policy for the EEA and UK
Effective Date: 1st,October 2023
This Privacy Policy (this "Policy") describes how MAX collects, uses and shares personal data regarding data subjects located in the European Economic Area ("EEA") and UK in the course of operating our businesses.
In this Policy, any reference to MAX or "we" / "us" / "our", means a reference to MAX CO., LTD.
Please note that this Policy only applies to MAX's processing of personal data regarding data subjects located in the EEA and UK.
Important information and who we are
MAX collects and processes your personal data in accordance with this Policy.
MAX is the data controller and is responsible for your personal data.
Our registered office is at MAX CO., LTD. Attn.: 6-6. Nihonbashi Hakozaki-cho, Chuo-ku, Tokyo, Japan. You can find our contact details in the "Contact Us" section below.
You have the right to make a complaint at any time to the relevant and competent data protection supervisory authority in your jurisdiction. We would, however, appreciate the chance to deal with your concerns before you approach such an authority so please contact us in the first instance.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
The data we collect about you
We collect and use the following personal data:
- aCustomer data, including name; gender; contact details (home address, work email address, personal phone number); company name and address; department; title; signature specimens; contact preferences; date of birth; citizenship; and other information necessary for customer management;
- bEmployee data, including name (including legal and preferred names); date of birth / age; gender; contact details (home address, home telephone number, personal mobile telephone number and personal email address); passport details; background check results (including criminal record checks); interview feedback; position within organisation and working arrangement; business network / firm committees membership; employment history; travel and expenses information; and other information necessary for employment management;
- cData on providers and/or users of competing and related products, including name of an individual or company who is a provider and/or user of competing and related products; names, specifications, sales destinations, prices, number of units sold, rights and licences of competing and related products; and other information necessary for the conduct of our business and the exercise of our rights; and
- dTechnical data, including internet protocol (IP) address; your login data; browser type and version; time zone setting and location; browser plug-in types and versions; operating system and platform; and other technology on the devices you use to access this website.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
How is your personal data collected?
We collect your personal data in the following ways:
- aInformation that you provide to us: This includes information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, e-mail or otherwise;
- bInformation we collect or generate about you: This includes data from and about you through automated technologies or interactions. As you interact with our website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy above for further details; and
- cInformation we obtain from other sources: This includes data provided to us by our subsidiaries, third-party service providers, agencies or other publicly available sources where applicable.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so.
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
| To provide our products and/or services to the relevant clients | Customer data | Necessary for the performance of a contract or to take steps at the request of the data subject prior to entering into a contract |
| To engage in marketing and business development activities in relation to the provision of our products and/or services. | Customer data | Necessary for our legitimate interests (to develop and grow our business) |
| To enable entering into a contract with an employee, and perform obligations and exercise rights under an employment contract | Employee data | Necessary for the performance of a contract or to take steps at the request of the data subject prior to entering into a contract |
| To manage the proper operation of the businesses, maintain consistent practices and procedures, maintain compliance with internal policies and procedures, and prevent, detect and manage criminal activities or threats, in relation to employment management | Employee data | Necessary for our legitimate interests (to carry out employment management) |
| To determine how to respond to other's products and/or services that are similar to or related to ours by collecting, analysing and considering data on their products and/or services | Data on providers and/or users of competing and related products | Necessary for our legitimate interests (to operate our businesses and exercise our rights) |
| To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you | Technical data | Necessary for our legitimate interests (to study how our website is used and to develop and grow our business) |
| To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | Technical data | Necessary for our legitimate interests (to develop our business and to inform our marketing strategy) |
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to perform such use.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
How we share your personal data
We share your personal information with the following recipients:
- aAny of our affiliates and subsidiaries;
- bOur service providers, including IT infrastructure service providers, customer relationship management service providers, and website hosting and security service providers; and
International transfers
Whenever your personal data is transferred outside of the EEA and/or UK, we ensure a similar degree of protection is afforded to it by ensuring that we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data, for example, the European Commission's decision of 23 January 2019 on the adequate protection of personal data by Japan, or via another appropriate safeguard (e.g. standard contractual clauses) should an adequacy decision not be in force in respect of a particular personal data transfer.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA and/or UK.
Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know the same. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Data retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, as well as the applicable legal, regulatory, tax, accounting or other requirements.
Your legal rights
Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:
- Right to object to the processing: you have the right to object to the processing of your personal data in certain situations;
- Right to information: you have the right to be informed whether and to what extent we process your data;
- Right of access: subject to certain exceptions, you have the right to obtain a confirmation as to whether or not we process your personal data, and if we do, request access to your data;
- Right of rectification: if the personal data that we process is incomplete or incorrect, you have the right to request their completion or correction at any time;
- Right to deletion: subject to certain exceptions, if you consider that we should stop processing some or all of your personal data, you have the right to request its deletion. However, there may well be reasons why an immediate deletion may not be possible (such as where retention is required to meet legal or regulatory obligations);
- Right to restrict the processing: you have the right to request that we restrict the processing of your personal data;
- Right to data portability: where the processing takes place on the basis of your consent or contract, and is carried out by automated means, you have the right to request that we provide your personal data to you in a machine-readable format;
- Rights in relation to automated decision making and profiling: you have the right to object to decisions based exclusively on the automated processing of your personal data; and
- Right to withdraw your consent: if your personal data is processed on the basis of your consent, you have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.
Mandatory personal data
Personal data that is mandatory to be provided is indicated in the relevant forms that you complete. In cases where the provision of personal data is mandatory, we are not able to provide our products and/or services to you if the relevant information is not provided.
Contact us
If you have any questions about this policy, please contact us:
By email: privacypolicy_corporate@max-ltd.co.jp
Postal address: MAX CO., LTD. Attn.: 6-6. Nihonbashi Hakozaki-cho, Chuo-ku, Tokyo, Japan