1. Introduction

GMO BRAND SECURITY Inc. (“we”, “our,” or “us”), as a Japanese domain name, trademark and other intellectual property service company, processes the personal data of persons in the EU and the UK in accordance with the General Data Protection Regulation (effective on May 25, 2018) prescribed by the European Commission (EU GDPR) and the UK GDPR, which was adopted in the United Kingdom with effect from 1 January 2021. GMO BRAND SECURITY Inc. is the controller of your personal data and responsible for it.

This privacy policy aims to provide information on how we collect and process personal data through your use of this website, including any data you may provide through this website when you use our service (“Service”) or sign up for our marketing materials or newsletters.

2. The types of data we collect

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.Contact Data includes billing address, delivery address, email address and telephone numbers.Financial Data includes bank account and payment card details.Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.Usage Data includes information about how you use our website, products and services. Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
In principle, in order to conduct various procedures concerning the Services we provide, we may collect information about our employee’s health (including genetic and biometric data) for the purpose of compliance with the Japanese Industrial Safety and Health Act. When we do this we will obtain your explicit prior consent.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with Services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.

3. How we collect your data

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
  • apply for our Services;
  • contact us regarding quotations, estimates, billing and other transactions
  • make or respond to a customer service or other enquiry;
  • create an account on our website;
  • subscribe to our Service or publications;
  • request marketing to be sent to you;
  • receive notice of or apply to attend our services/seminars/exhibitions
  • enter a competition, promotion or survey; or
  • give us feedback or contact us.
  • Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Some of the Technical Data we collect through cookies may enable us to identify the individual using the computer. Please see item 10. About Cookies and Other Similar Technologies below for further details.
  • Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
  • Technical Data from the following parties:
    1. analytics providers such as Google based outside the UK; and
    2. search information providers such as Teikoku DataBank Ltd.
    based outside the UK and EU.
  • Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as Paypal based outside the UK and EU.
  • Identity and Contact Data from publicly available sources such as Whois of Domain Name based inside and outside the UK.

4. How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

Further explanation of these lawful bases are as follows:

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.

We use personal information to the extent necessary to achieve the following usage purposes. The lawful basis under the GDPR on which we use your data is also specified.

  1. To provide customers with the Service (Performance of Contract);
  2. To market and advertise the Service (Legitimate Interest);
  3. To send customers newsletters, promotional materials, and information related to the Service, or goods and services of our group corporations or our partner corporations (Legitimate Interest);
  4. To facilitate the creation of customers’ accounts, to help customers’ manage their accounts, to give customers notice regarding their accounts (Performance of Contract);
  5. To confirm, review, and respond to customers’ requests and inquiries regarding us or the Service (Performance of Contract) (Comply with a legal obligation);
  6. To develop, improve, and provide the Service by conducting research, analysis and surveys (Legitimate Interest);
  7. To exercise our rights and fulfill our obligations arising out of or in connection with any contracts between customers and us (Performance of Contract);
  8. To comply with the applicable laws and regulations (Comply with a legal obligation);
  9. To provide certain services to third parties when processing personal data owned by such parties (Legitimate Interest); and
  10. To operate, maintain, and manage the Service, and to improve the administration of the Service and quality of experience when customers use the Service (Legitimate Interest).

5. Rights of Customers and Other Subjects Concerned

Each customer or the other subject concerned has the following rights regarding EU and UK personal data about himself or herself.

  1. Right to access to his or her own EU and UK personal data and other information relating to his or her personal data
  2. Right to rectify inaccuracies of his or her EU and UK personal data without undue delay
  3. Right to erase his or her EU and UK personal data without undue delay
  4. Right to restrict processing of his or her EU and UK personal data
  5. Right to receive EU and UK personal data provided by customers or other concerned subjects by himself or herself in a general format that is readable on computers, and right to transfer (i.e. data portability) the EU and UK personal data to other organizations in order for them to manage without hindering transferring process
  6. Right to object to legitimate interest processing; and processing for direct marketing purposes
  7. Right not to be subjected to assessments conducted or decisions made through automatic processing such as profiling that have serious impact including legal effects on individuals
  8. Right to lodge a complaint with a supervisory authority

See paragraph 13 below for details of how to exercise these rights.

Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

Promotional offers

We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving that marketing.

Third party marketing

We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

Opting out

You can ask us or third parties to stop sending you marketing messages by contacting us at any time.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

6. Safeguards

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

7. Disclosures of your personal data

We may share your personal data with the parties set out below for the purposes set out above.

  • Other companies in our GMO group in Japan and Vietnam (GMO Internet Group, Inc. and GMO Internet Group companies (Refers to affiliate companies listed in https://www.gmo.jp/company-profile/groupinfo/)). The purpose of use is defined by the scope of “Purpose of Use of Personal Information” specified by GMO Internet Group, Inc. and GMO Internet Group companies https://www.gmo.jp/csr/governance/privacy-policy/#internal-link-second (Only Japanese version available.), and is common to all shared users. Principally the shared use is in order to promote activities such as service development and service guidance; and communication with customers and other data subjects concerned. Shared use is supervised by Chief Administrator, GMO Internet Group, Inc. (Representative, Representative Director, Group Representative, Masatoshi Kumagai)
  • Outsourcing contractors such as domain registrars, patent offices, and the patent office of the filing country located in the whole world.
  • Service providers acting as processors based in Japan, U.S. or Vietnam who provide cloud services and IT system administration services.
  • Professional advisers including lawyers, bankers, auditors and insurers based in the UK, EU and Japan who provide consultancy, banking, legal, insurance and accounting services.
  • Regulators and other authorities based in the United Kingdom and EU who require reporting of processing activities in certain circumstances.
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

8. International Transfer of EU and UK Personal Data

Whenever we transfer your personal data out of the UK or the European Economic Area, we ensure a similar degree of protection is afforded to it as under the GDPR by ensuring at least one of the following safeguards are implemented:

  • We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data. Japan has been recognised and determined as a country providing adequate data protection by the European Commission and the UK Government, and we manage EU and UK personal data of customers and other subjects concerned appropriately.
  • Where we use certain service providers which are not in countries that have been deemed to provide an adequate level of protection for personal data, we may use specific contracts and transfer mechanisms (such as standard contractual clauses and international data transfer agreements) approved for use which give personal data the same protection it has under the GDPR. EU and UK personal data is transferred to us and our outsourcing contractors such as cloud service providers and IT service vendors located in U.S. or Vietnam or other countries in the whole world and may be stored in servers located in that country. We put appropriate transfer mechanisms in place with these entities. If you require further information please contact us as stated below.

9. Archiving, Deletion, Disposal of EU and UK personal data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

After the defined retention period has expired or the purpose of use has been achieved, we delete EU and UK personal data of customers and other subjects concerned without delay. In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

10. About Cookies and Other Similar Technologies

We use cookies on this site with a view to increasing its usability. When you re-visit this site, cookies are used for for example user tracking, re-targeting advertisements, affiliate advertising and retaining the login information of registered users, and users can view this site more conveniently.
A cookie is a small file used to transmit information from this site to your browser. When you, as a customer or other visitor, visit this site again, the cookie helps you to use this site more conveniently and is stored in your personal computers/devices.
A cookie also does not have negative effects on your computers/devices.
Cookie information that is collected from customers and other visitors will be transmitted to and stored in servers at Google LLC, Adobe Systems Incorporated and some other entities from our web servers and our outsourcing contractors such as cloud provider and IT service vendor.
We also obtain statistical data concerning access information such as the number of accesses and stay period for this site from stored data by using the Google Analytics service, Adobe Analytics web analytics service that is provided by Adobe Systems Incorporated, and some other services.
It is possible to block cookies, if you, as a customer or other visitor, change the settings of your web-browser. In such cases, your ability to use some of the functions of this site may be restricted. Please make contact with the developer and/or distributor of the web-browser that you are using for its setting procedure.

11. Group-wide Data Protection Officer and Group-wide Representative for EU and UK Personal Data

Group-wide Data Protection Officer for EU and UK Personal Data (G-DPO)

GMO Internet, Inc.,
Cerulean Tower 4-14F, 26-1 Sakuragaokacho, Shibuya-Ku, Tokyo, 150-8512 , Japan.
Email address: dpo@gmo.jp

Group-wide Representative for EU Personal Data

JANSON BAUGNIET CVBA
Congreslaan 27
B-9000 Ghent
BELGIUM
Email address: gdpr.representative@janson.be

Group-wide Representative for UK Personal Data

Shakespeare Martineau
60 Gracechurch Street
London EC3V 0HR
DX 700 London City
Email address: ukdataprotectionrep@shma.co.uk

12. Claims and Inquiries

For inquiries regarding this privacy policy, please make contact to the following contact point.
URL: https://www.gmo.jp/en/contact/general-inquiries/

You have the right to make a complaint at any time to the data protection supervisory authority in your country. The UK regulator for data protection issues is the Information Commissioner’s Office (www.ico.org.uk). The details of the relevant authorities in other EU countries can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us in the first instance at the contact details above.

13. Disclosure and other requests of EU and UK personal data

Requests for disclosure, correction, addition, deletion, suspension of use, suspension of provision of third party, transferring (data portability) must be dealt with in the following manner.
Please be aware that we will not accept requests by telephone, fax, email, verbally or by any method other than that laid out below.

Please print out our prescribed form and fill in necessary information.
After filling in, please enclose the necessary documents, and send them to the following address by registered mail:

Address:
GMO Internet Group, Inc.
Cerulean Tower 4-14F, 26-1 Sakuragaokacho, Shibuya ku, Tokyo, 150-8512, Japan.

Disclosure and Other Requests Form is below:
https://www2.brandsecurity.gmo/l/959492/2024-01-16/67715i

Published on 25 May 2018
Revised on 1 April 2022
Revised on 11 May 2022
Revised on 9 Feb 2023

Page Top