GDPR Privacy Policy
Privacy Policy for Data Subjects in European Union (“EU”) Member States and the United Kingdom (“UK”)
1. About this privacy policy
The protection of your personal data is important to HENNGE K.K. ( “HENNGE”, “we” or “us”). HENNGE processes your personal data in accordance with the applicable EU member state and the UKs’ regulations on data protection, particularly the General Data Protection Regulation 2016/679 and the UK General Data Protection Regulation (collectively, “GDPR”). This privacy policy (“Privacy Policy”) sets out how HENNGE as the data controller processes your personal data, and this Privacy Policy applies to our processing of personal data of data subjects resident in the European Economic Area (“EEA”) and the UK. Please read this Privacy Policy carefully in order to understand how HENNGE processes your personal data. For the purposes of this Privacy Policy, unless otherwise defined herein, all terms used in this Privacy Policy shall have the meanings ascribed to them in the GDPR.
2. HENNGE’s roles and responsibilities
This Privacy Policy does not apply to the extent that HENNGE processes personal data as a data processor on behalf of our customers, including where HENNGE provides our customers with our cloud services. In that case, each of our customers, not HENNGE, controls your personal data, and HENNGE is not responsible for our customers’ use of your personal data other than in situations where the applicable law imposes duties on us. In order to know how your personal data is used by our customers as data controllers, HENNGE recommends reading their terms and conditions and privacy policies. HENNGE strictly follows the customers’ instructions in processing your personal data as a data processor in accordance with the agreements between the customers and us.
3. Personal data HENNGE collects and data sources
We collect personal data from you that is legally required or necessary to initiate or maintain a business relationship with you and to provide you with our services. If you choose not to provide us with the necessary personal data, we may be unable to enter into or fulfill a contract with you, and certain services or functions may not be available.
- Contact Data:
- HENNGE will collect this data from you or from other sources including but not limited to distributors, marketing companies that hold events sponsored by us, websites including contents about us, and information aggregators and entities which have licensed HENNGE to use business contact information. It may include your name, username, photo, telephone number, email address, mailing address, the organization you are affiliated with, your job title, your occupation, areas of expertise, industry, third-party platform usernames, and other similar contact information.
- Shareholders’ Personal Data:
- HENNGE will collect this data directly or through the administrator of the shareholders’ register, such as the names and addresses of shareholders, the number of shares held by the shareholders and the days when the shareholders acquired the shares.
- Employees’ Personal Data (including employees who resigned and retired from HENNGE):
- This data may include your name, e-mail address, family structure, phone number, birth date, gender, face photograph and any other information that we need for the purpose described below.
- Job Candidates’ Data:
- HENNGE will collect your personal data from you when you apply for a job or internship with HENNGE, or other sources such as staff agencies or public open sources. It may include your name, e-mail address, phone number, birth date, gender, face photograph, educational and work history, and other information described in your resume or otherwise related to you.
- Payment Data:
- HENNGE will collect this data from you or your organization such as billing name, billing address and payment card details, in connection with some of our products and services.
- Event Attendees’ Data:
- When you attend an HENNGE event, HENNGE will collect your information that you provide us, and HENNGE may record some or all of that event, take photos at the event, and interview you at the event.
- Device Data and Metadata:
- HENNGE will collect this data when you use our website or services. Device data includes the operating system installed on your device, IP address, user-agent and browser version. Metadata includes technical data about your performance and use of our website or services. These types of data are collected through our use of cookies, which are small text files placed on your device. HENNGE domains use two types of cookies: (i) essential cookies, which are necessary for the functionality of our website and services, and (ii) functional cookies, which will help HENNGE enhance the performance of the website and services. The collection of data by cookies can be disabled by changing the browser’s cookie setting.
In addition, HENNGE websites and services may use Google Analytics, an access analytics tool provided by Google LLC, which uses cookies to collect data anonymously without identifying you personally. For more information on Google Analytics, please review the information provided by Google LLC on its website.
- HENNGE will collect this data when you use our website or services. Device data includes the operating system installed on your device, IP address, user-agent and browser version. Metadata includes technical data about your performance and use of our website or services. These types of data are collected through our use of cookies, which are small text files placed on your device. HENNGE domains use two types of cookies: (i) essential cookies, which are necessary for the functionality of our website and services, and (ii) functional cookies, which will help HENNGE enhance the performance of the website and services. The collection of data by cookies can be disabled by changing the browser’s cookie setting.
- Other Customer Data and Usage Data:
- HENNGE will collect, in the course of your usage of our products or service, additional customer data and usage data, such as the URLs you visit, logs of your usage, logs about your login history, and timestamps.
4. How HENNGE use your personal data
| Categories of personal data | Purpose for processing |
|---|---|
| Contact Data | Communications related to our products and services Maintaining safety and security of our products and services Promoting our products and services Processing payments |
| Shareholders’ Personal Data | Execution of rights and performance of obligations by the shareholders based on the provisions of the Companies Act of Japan Generating data and processing statistics based on applicable laws and regulations Responding to inquiries from shareholders. |
| Employees’ Personal Data (including employees who resigned and retired from HENNGE) | Work related to employment management (including employees’ family members, employees who are seconded to other companies and employees who are transferred) Work related to payment of remuneration Work related to employees’ welfare programs Work related to health and safety of employees procedures upon resignation/retirement of employees Other necessary procedures and communications based on applicable laws and regulations as well as from work perspectives |
| Job Candidates’ Data | Conducting recruitment work such as assessing applications, evaluating and improving our recruiting system, our application tracking and recruiting activities. |
| Contract and Payment Data: | Communications related to our products and services Maintaining safety and security of our products and services Promoting our products and services Processing of payments |
| Event Attendees’ Data | Promoting our products and services |
| Device Data and Metadata | Maintaining safety and security of our products and services Developing and improving our websites, products, and services Promoting our products and services |
| Other Customer Data and Usage Data | Communications related to our products and services Maintaining safety and security of our products and services Developing and improving our websites, products, and services Promoting our products and services |
5. Legal bases for processing personal data
HENNGE only processes your personal data based on one of the legal bases provided for in the GDPR (Articles 6 and 7). Particularly, in case HENNGE processes personal data that needs special care, HENNGE will comply with special rules set forth in the GDPR(Article 9 and 10).
Specifically, HENNGE will process (i) Contact Data, Device Data and Metadata, and Other Customer Data and Usage Data for the purposes listed above based on Article 6 (1)(f) of the GDPR, (ii) Event Attendees’ Data for the purposes listed above based on Article 6(1)(a), and (iii) Contact Data and Payment Data for the purposes listed above based on Article 6 (1)(b) of the GDPR. Our legitimate interests pursued under Article 6(1)(f) is to provide services, customer support, business administration, security, and other operation purposes.
6. Retention period of personal data
HENNGE will retain your personal data that HENNGE collects as long as it is necessary for the purpose set out in this Privacy Policy unless a longer period of retention is required by the applicable law.
7. Sharing and disclosure of personal data
HENNGE may share and disclose your personal data to our group entities and to third party service providers in accordance with GDPR or the UK GDPR for the purpose stated in this Privacy Policy.
8. Transfers of personal data outside the EEA or the UK
Disclosure or sharing of personal data mentioned above in Section 6 may involve transferring personal data out of the EEA or the UK. In such a case, HENNGE will implement proper safeguards, for example, by entering into the standard data protection clauses (Article 46 (2) (C) and (5) of the GDPR) approved by the European Commission. If you wish to receive a copy of documentation related to these safeguards, please contact via the contact details set forth in this Privacy Policy. Disclosure or sharing of personal data may involve transferring personal data to HENNGE’s affiliates, namely HENNGE Taiwan and HENNGE Inc., and your personal data may be transferred to Taiwan and/or the United States.
9. Your rights
You have the following rights regarding personal data obtained and processed by us as a data controller.
- The right to obtain information regarding processing of personal data: You can obtain from us all the requisite information regarding our data processing activities of personal data that concern you (Article 13 and 14 of the GDPR).
- Access to personal data: You can obtain from us confirmation as to whether personal data concerning you are being processed, and, if so, access the personal data and certain related information (Article 15 of the GDPR).
- Rectification and erasure of personal data: You can have us rectify inaccurate personal data about you without undue delay and have us complete any incomplete personal data (Article 16 of the GDPR). Also, if certain conditions set out in the GDPR are satisfied, you can have us delete personal data about you without undue delay (Article 17 of the GDPR).
- Restriction on processing of personal data: If certain conditions in the GDPR are satisfied, you can have us restrict processing your personal data about you (Article 18 of the GDPR).
- Data portability of personal data: If certain conditions set out in the GDPR are satisfied, you can receive personal data about you in a structured, commonly used, and machine-readable format and can transfer those data to another controller without hindrance from us (Article 20 of the GDPR).
- Not to be subject to automated decision-making: If certain conditions set out in the GDPR are satisfied, you will have the right to not be subject solely to data-based, automated decision-making (including profiling) that produces any legal or similar material effect on you (Article 22 of the GDPR).
- Withdrawal of consent to processing personal data: The withdrawal of your consent will not affect the legality of any processing carried out before such withdrawal. If you withdraw your consent, HENNGE may not be able to provide certain products or services to you. HENNGE will advise you if this is the case at the time of such withdrawal by you.
If you intend to exercise any rights mentioned above, please inquire using the contact details set forth in this Privacy Policy.
If certain conditions set out in the GDPR are satisfied, you can object to the processing of your personal data(Article 21 of the GDPR).
You can lodge a complaint in relation to our processing of your personal data with competent supervisory authorities including the Data Protection Supervisory Authority.
10. Children’s personal data
HENNGE does not provide HENNGE products or services for purchase by children. HENNGE does not knowingly collect personal data from children under the age of 16. If you are under 16, you may use HENNGE products and services only with the involvement of a parent or guardian. If you are a parent or guardian and believe that your child has provided HENNGE with personal data without your consent, please contact us by using the information in the “Contact Details” section, below, and HENNGE will take steps to delete such personal data from our systems.
11. Revisions of this privacy policy
HENNGE may revise this Privacy Policy at any time. If HENNGE does so, HENNGE will provide notice of such revisions through this website.
12. Contact details
Please contact us or our representatives using the contact information set out below for questions and inquiries about this Privacy Policy.
Contact:
HENNGE K.K.
Attention: Data Protection Officer
with a copy to: Legal Section, Business Administration Division
Daiwa Shibuya Square, 16-28 Nanpeidaicho, Shibuya City, Tokyo Japan 150-0036
General Data Protection Regulation (GDPR) – European Representative
Pursuant to Article 27 of the General Data Protection Regulation (GDPR), HENNGE K.K has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:
- by using EDPO’s online request form: https://edpo.com/gdpr-data-request/
- by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium
UK General Data Protection Regulation (GDPR) – UK Representative
Pursuant to Article 27 of the UK GDPR, HENNGE K.K. has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:
- by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom
- by using EDPO’s online request form: https://edpo.com/uk-gdpr-data-request/