Personal Information Protection Policies

Asukanet Co., Ltd. carries out business operations and provides services that are based on the personal information of many of our clients. Thus, the protection of personal information is one of the top priorities in our business activities. In order to properly protect your personal information, we have established the personal information protection policies described below, and we strictly observe the laws and company rules regarding the protection of personal information. Furthermore, we obligate all our employees and suppliers to observe the aforementioned policies, and implement rigorous measures to ensure that personal information is handled and managed correctly.

For customers in the European Union (‘EU’), the European Economic Area (‘EEA’) and the United Kingdom (‘UK’), please also refer to "Chapter 2 : Additional Provisions Applied to the Handling of Personal Data of EU, EEA and UK Data Subjects.”.

Chapter 1

1. Observance of the laws, guidelines set by the government, and other regulations regarding the management of personal information

Our company shall observe the laws and guidelines set by the government, and other regulations regarding the management of personal information.

2. Establishment and continuous improvement of a management system for the protection of personal information

We shall establish, implement, and continuously improve a management system for the protection of personal information in order to ensure that the directors and employees of our company recognize the importance of personal information and take proper measures to protect it.

3. Proper Management of Personal Information in Each Business Operation

Our company shall observe our rules regarding the protection of personal information and other rules to ensure that the personal information used for our services is obtained, utilized, and provided correctly in accordance with the content and size of work in each business operation. In addition, our company shall not use personal information outside the scope of its intended purpose, and shall implement measures to ensure that the information is not used for any other purposes.

4. Keeping Personal Information Safe and Accurate

In order to prevent personal information from being divulged, and to keep the information accurate and up-to-date, our company shall address the risks related to the personal information we handle by implementing reasonable safety measures to prevent the information from being divulged, lost, or tampered with, and by taking the necessary corrective measures.

5. Handling Complaints and Providing Consultations

If the owner (or their representative) of personal information we hold requests that the information be disclosed, modified, utilized, or no longer provided, our company shall take immediate measures to respond to their request upon verifying the identification of the owner. We shall also respond to inquiries, consultation requests, or complaints regarding our management of personal information. However, we may not be able to respond to requests for deleting data if they interfere with any legal obligations.

Chapter 2

1. Purpose

This extra chapter describes certain additional information that we are required to provide to data subjects in the EU, EEA and UK under the General Data Protection Regulation ((EU) 2016/679 GDPR) established by the EU, and the United Kingdom General Data Protection Regulation (UK GDPR). This regulation describes the rights of data subjects and how to handle personal data.

2. Scope of Application

This Chapter applies to customers living in the EU, EEA and UK who use the services we provide. In the event of any conflict between the provisions of this Chapter and Chapter 1, the provisions of this Chapter shall prevail.

3. Contact information of the controller

Asukanet Co., Ltd.
3-28-14 Gion, Asaminami-ku, Hiroshima-shi, 731-0138 Hiroshima

Teil.: 0828501200

4. Contact information of representatives

4.1 EU representative

Enobyte GmbH
Augustenstr. 49, 80333 Munich, Germany
Email: eurep-asukanet@enobyte.com

4.2 UK representative

Enobyte GmbH
c/o Regus HQ Bloomsbury 4/4a Bloomsbury Square, London, WC1A 2RP, United Kindom
Email: ukrep-asukanet@enobyte.com

5. Legal grounds of our processing

We will only process your personal data if there is a legal basis to do so. Under GDPR/UK GDPR, there are three legal bases that we use.

  1. Consent (Art. 6 (1) a) GDPR/UK GDPR) – If a consent is freely provided by you, we are allowed to process your personal data only for the purpose for which the consent was given.

  2. Contractual obligation (Art. 6 (1) b) GDPR/UK GDPR) – If we have a contract with you, we will need to store and use some information about you. The same is true if we take necessary steps at your request prior to entering into a contract.

  3. Legitimate interest (Art. 6 (1) f) GDPR/UK GDPR) – Legitimate interest allows us to process personal data if it is necessary for our legitimate interests and your interests or fundamental rights and freedoms do not outweigh our interest. We will inform below if we do such processing and what interests we pursue.

6. Use of this website

When you visit our website, the servers automatically save server log file information sent by your browser. This information includes:

Content data

  • Any text you enter or files you upload

Usage data

  • Websites visited
  • Date and time of your request

Metadata

  • Your IP-Address
  • Your computers time zone
  • Your computers date and time
  • The website you requested
  • Which website you came from
  • Information about your browser (version, language, fonts installed)
  • Information about your operating system (version, language)
  • Potentially other information your browser sends via the HTTP protocol.

Temporary storage of the IP address by the system is necessary to display website content on your device. The information is used exclusively to maintain the technical operation of the servers and the network and ensure its security. The legal basis is our legitimate interest to provide the website in a secure manner, Article 6 (1) f) GDPR/UK GDPR).

We automatically delete all server-logs within 7 days. We store the logs for this time to see suspicious activities in our server and protect our infrastructure from outside attacks such as DdoS.

We use an external hosting provider to serve the website. The provider receives and stores the content data, usage data and metadata on our behalf. We use folliwing external hosting providers:

We use Amazon CloudFront as our CDN-provider to load some pictures and elements of this website. The CDN-provider will receive usage data and metadata of your visit. By using a CDN, we can more efficiently provide you with the information you requested and keep our website secure. The legal basis for this use is our legitimate interest (Article 6 (1) b) GDPR/UK GDPR).
Amazon CloudFront is a service offered by Amazon.com, Inc., 410 Terry Avenue North, Seattle, Washington, 98109, USA. You can review their privacy policy here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/data-protection-summary.html

6.1 Google Tag Manager

This website uses Google Tag Manager, a service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), which allows us to manage website tools via a single interface. Google Tag Manager itself does not process personal data, however it is used to load further tools and contents which may process personal data.

6.2 Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) to analyse the use of the website and optimize its design. The legal basis for this is your consent (Article 6 (1) a) GDPR/UK GDPR).

If you visit our website and provide your consent to our use of Google Analytics, we will store several cookies in your browser. This enables us to analyze how you use our website and to identify you.

Google will use the data to evaluate your use of the website and to compile reports on website activity for website operators and to provide other services related to website activity and internet usage. This applies even if you do not have a Google account.

Google does not record or store logs of your IP address.

You can prevent Google from collecting and processing your website usage information by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout

You have the right to object at any time to the creation of your profile by Google. If you wish to exercise this right of objection, please make your claim directly to Google. Should you contact us, we will forward your request to Google.

For more information about Google and how Google handles data, please refer to the following link:

6.3 Fonts

We use external fonts on our website to create a unified experience and deliver a modern looking website. These fonts are loaded from third parties to speed up loading processes in your browser, or due to licencing restrictions from the font provider. Our legal ground is our legitimate interest to provide our website with fonts securely, efficiently and maintenance free.

  1. Adobe Fonts
    We use fonts from Adobe Fonts, provided by Adobe Systems Software Ireland Limited, 4-6 Riverwalk. Citywest Business Campus, Dublin 24, Republic of Ireland (Adobe).
    When you load our website, Adobe will learn which website you accessed and what your IP-Address is. Adobe does not store the IP-Address beyond delivery of the Font to your device.

    For more information please refer to: https://www.adobe.com/privacy/policies/adobe-fonts.html

  2. Google Fonts
    We use Fonts provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
    When you load our website, Google will learn which website you accessed and what your IP-Address is. The information collected will only be used to show the embedded fonts as well as keep statistics on the popularity of fonts.

    For more information please reference the following links:
    FAQ: https://developers.google.com/fonts/faq#what_does_using_the_google_fonts_api_mean_for_the_privacy_of_my_users

6.4 Meta pixel/ Facebook pixel

We use Facebook Pixel to track user’s behaviour on our website. Facebook Pixel is a service provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland with the parent company based in 1 Hacker Way, Menlo Park, California 94025, United States..
We track events on our website such as page views, completed registrations or successful searches. If you consent to our use of Facebook Pixel, the following data will be shared with Facebook:

  • IP-Address
  • HTTP-Header information, such as Browser version, Operating system version, language settings
  • Information on the triggered event (i.e. “Page View”, “Completed Registration”, “Contact”)
  • Information on the actions taken before triggering an event (for example buttons clicked)

We use this information to analyse our visitor’s behaviour on our website and target advertisements to previous users of our website.
Facebook will link these actions to your account and add you to a “custom audience” that we can target advertisements or posts to. This may even happen if you are not logged into an account.
Facebook Pixel also places a cookie (“_fbp”) in your browser. This cookie has an expiration time of 90 days. It is stored as a First-Party and as a Third-Party cookie. This means that Facebook can connect your online behaviour on other sites that also use Facebook Pixel and our site. This helps us identify persons with similar interests to target adverts to.

Furthermore, Facebook might use your data for their own purposes for market research and advertisement. Cookies might be stored on your computer, which will analyse our usage behaviour. Other information on your devices, internet connection and more can be collected and connected to your account. Facebook might create a profile on you, even if you are not logged in or have no account.

In some cases, your data will be processed outside of the European Union. Specifically a data transfer to the US cannot be ruled out. For these cases, we have concluded Standard Contractual Clauses (SCCs) approved by the European Commission.

Please note that as an US-based company, all information shared with Facebook may be subject to surveillance measures or access by public authorities.

Where you are in the EU: Facebook Ireland is a Joint Controller of the Joint Processing and information required by Article 13(1)a) and b) GDPR/UK GDPR can be found in Facebook Ireland’s Data Policy at https://www.facebook.com/about/privacy
We have concluded a joint controllership agreement with Facebook regarding the processing of data for Facebook Pixel: https://www.facebook.com/legal/controller_addendum
We have agreed that we are responsible for providing you information regarding the processing and that Facebook Ireland is responsible for enabling Data Subjects’ rights under Articles 15-20 of the GDPR/UK GDPR with regard to the Personal Data stored by Facebook Ireland after the Joint Processing.

Should you have an account with Facebook, you may Opt-Out of processing for advertising purposes here: https://www.facebook.com/settings?tab=ads

There are external mechanisms to opt-out of these kinds of targeting, for example via: http://www.youronlinechoices.eu/

7. Purpose of our processing

Personal data processed by us, its purpose of use, legal basis and retention periods are as follows:

  1. Management of photo shooting bookings
    Processing activities: Registration made via agents
    Information to be handled: Name, date of birth, phone number, E-mail address, height, weight, credit card information
    Legal basis: GDPR/UK GDPR Art. 6 (1) b)
    Retention period: 10 years

  2. Preparation of photo shootings
    Processing activities: Collecting information for photo shooting, sharing the information with photographer
    Information to be handled: Name, age, E-mail address, clothing size, shoe size, hair length, height, weight
    Legal basis: GDPR/UK GDPR Art. 6 (1) b)
    Retention period: 10 years

  3. Responding to customer requests and inquiries
    Processing activities: Responding to customer requests and inquiries
    Information to be handled: Name, phone number, E-mail address, content of inquiry
    Legal basis: GDPR/UK GDPR Art. 6 (1) f)
    Retention period: 10 years

  4. Payment, billing, refund, receipt of cancellation fees, and other services related to payments
    Processing activities: online advance payment, various types of payment such as credit cards, invoice Information to be handled: Name, postal code, credit card information, resident country, invoice
    Legal basis: GDPR/UK GDPR Art. 6 (1) b)
    Retention period: 10 years

  5. Sending of photos
    Processing activities: Uploading photo-data to the cloud
    Information to be handled: Name, facial-data, E-mail address
    Legal basis: GDPR/UK GDPR Art. 6 (1) b)
    Retention period: 90 days

  6. Marketing and promotion
    Processing activities: Using pictures for website, social media and flyer
    Information to be handled: Name, E-mail address, phone number, facial-data
    Legal basis: GDPR/UK GDPR Art. 6 (1) a)
    Retention period: 10 years

8. Social Media

We operate social media pages for the purpose of self-marketing and promotion of our products.
We are present on Facebook and Instagram.

When you visit our sites, the plattforms will collect data about your behavior and interests and might provide us with an anonymized analysis of our user groups and interactions. We have no influence over the creation and display of these analyses and cannot stop the collection or processing of your data for this matter.

We might receive the following data, separated into categories of users:

  • Total number of visits,
  • interactions with our posts,
  • comments,
  • proportion of male and female visitors,
  • origin of the visit,
  • clicks on certain contents such as maps or contact information,
  • reach of our posts

If you directly interact with our content (such as “Liking” or “Reposing” it), we will be able to directly identify you. Should you wish to restrict this linking of your account and our social media page, please use the functionality offered on each platform to unfollow us.

We use these data and our presence on social media to present ourselves in a modern way to a large audience. The usage of this data, as well as the operation of the page is based on our legitimate interest for efficient, effective and interactive promotion acc. to Art. 6 (1) f) of GDPR/UK GDPR.

Furthermore, the platforms might use your data for their own purposes for market research and advertisement. Cookies might be stored on your computer, which will analyze our usage behavior. Other information on your devices, internet connection and more can be collected and connected to your account. The platforms might create a profile on you, even if you are not logged in or have no account. These profiles can be used to show you targeted advertisement on different platforms.

In some cases, your data will be processed outside of the European Union. Specifically a data transfer to the US cannot be ruled out. For these cases, we have concluded Standard Contractual Clauses (SCCs) approved by the European Commission with the platform operators.

You have the right to enforce your rights regarding our social media pages and the Page-Insights at any time against us or the platform. However, we advise you that in any case, the platform will deal with the request. Should you have any questions, you may contact us via the contact details mentioned above.

Further information on the platforms:

Facebook and Instagram are Social Media platforms, offered by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland with the parent company based in 1 Hacker Way, Menlo Park, California 94025, United States.

We have concluded a joint controller agreement with Facebook which you may reference here:
https://www.facebook.com/legal/terms/page_controller_addendum
You can read the essential contents of the agreement here:
https://www.facebook.com/legal/terms/information_about_page_insights_data
You have the right to enforce your rights regarding our Facebook page and the Page-Insights at any time against us or the platform. However, we advise you that in any case, the platform will deal with the request. Should you have any questions, you may contact us via the contact details mentioned above.
You can reference the privacy policy of Facebook here:
https://www.facebook.com/about/privacy/
Should you have an account with Facebook, you may Opt-Out of processing for advertising purposes here:
https://www.facebook.com/settings?tab=ads

9. Transfer of personal data to third countries

In order to fulfill the contract with the customer or to carry out the procedure according to the request of the customer prior to the conclusion of the contract,we may transfer personal data to a third country (including those countries where the adequate level of data protection have not been qualified). We shall use appropriate security and confidentiality measures in accordance with this Privacy Policies and laws when transferring customer’s personal data.

10. Retention periods of personal data

We will generally delete your personal data as soon as we no longer require it for the purposes for which we collected it. If any legal obligation stops us from deleting your information for a certain time, we will stop access to this information, store it securely and delete it after our legal obligation is over.

11. Your right

At any time you can exercise your rights by contacting us directly. Please be aware that we might ask for some sort of verification of identity in order to safeguard other data subjects. These verification will be made as non-intrusive as possible.

You have the following rights:

  1. Right of access
  2. Right to rectification and erasure
  3. Right to restriction of processing
  4. Right to data portability
  5. Right to revoke your consent

11.1 Right to lodge a complaint with a supervisory authority

At any time, you may lodge a complaint about our data processing activities with a supervisory authority.

11.1.1 EU

A list of Supervisory Authorities can be found here: https://edpb.europa.eu/about-edpb/board/members_en

11.1.2 UK

Information Commissioner’s Office: https://ico.org.uk/

11.2 Right to object

You have the right to object to any processing we do on grounds of our legitimate interest, if your particular situation challenges our balance of interests.
Unless we can demonstrate legitimate grounds for the processing which overrides your interests, rights, and freedoms, and if we do not need your personal data for the establishment, exercise of defense of legal claims, we will no longer process your personal data.

Asukanet Co., Ltd.
Yuji Matsuo, President
Established: August 11, 2004
Revised: February 17, 2007
Revised: June 18, 2011
Revised: December 18, 2020
Revised: July 10, 2024
Revised: September 3, 2024

We have published our personal information protection policies on our website, and taken other measures to ensure that the policies are easily accessible for our employees and the general public. Use the contact information below for any inquiries regarding the management of personal information.

PIC: Information Security Manager, Administration Department, Asukanet Co., Ltd.
E-mail:privacy@asukanet.co.jp