top of page

Privacy Policy (GDPR)

1. Introduction

Japan EHS Audit Co., Ltd. (hereinafter referred to as "the Company," "we," or "us") is committed to protecting the personal data of our customers located in the European Economic Area (EEA) (hereinafter referred to as "Data Subjects"). This Privacy Policy explains how we collect, use, share, and protect personal data in accordance with the EU General Data Protection Regulation (GDPR).

2. Data Controller

The data controller for the personal data covered by this Privacy Policy is:

  • Company Name: Japan EHS Audit Co., Ltd.

  • Address: Kabutocho Dai-6 Hayama Bldg. 4F, 17-2 Nihonbashi Kabutocho, Chuo-ku, Tokyo 103-0026, Japan

  • Email Address: info@japan-ehs-audit.com

  • Phone Number: +81-3-6555-1440

3. Purposes and Legal Basis for Processing Personal Data

We process your personal data for the following purposes, based on specific legal grounds:

  • For the provision of EHS/ESG audit and consulting services, and for the performance and management of contracts:

We process information such as name, job title, organization, contact details (email address, phone number), and contract-related information to perform and manage our contracts with customers. The legal basis for this processing is the necessity for the performance of a contract (Article 6(1)(b) of the GDPR).

  • To respond to inquiries, consultations, and requests for quotations:

We process information such as name, job title, organization, contact details, and the content of the inquiry to respond to customer requests. The legal basis for this processing is our legitimate interests in conducting our business smoothly (Article 6(1)(f) of the GDPR).

  • To provide information about our services, seminars, and other events:

We process names and contact information (email addresses) to deliver information about our services and seminars. The legal basis for this processing is the consent of the Data Subject (Article 6(1)(a) of the GDPR).

  • To analyze website usage and improve our services:

We process online identifiers such as cookies, IP addresses, and Browse history to improve the performance of our website. The legal basis for this processing is the consent of the Data Subject (Article 6(1)(a) of the GDPR).

  • For legal compliance and the protection of our rights:

We may process relevant personal data to comply with legal obligations or to respond to legal claims. The legal basis for this processing is compliance with a legal obligation to which the controller is subject (Article 6(1)(c) of the GDPR) and our legitimate interests in responding to legal claims (Article 6(1)(f) of the GDPR).

4. Sharing of Personal Data with Third Parties

We do not provide personal data to third parties without your consent, with the following exceptions:

  • Service Providers: We may disclose personal data to service providers who support our business operations, such as IT system providers (hosting, cloud services) and professional advisors (lawyers, accountants), to the extent necessary to achieve the intended purposes.

  • Google Analytics: Our website uses Google Analytics, provided by Google, Inc. The information generated by this service is transmitted to and stored by Google. We use this service based on your consent.

  • Legal Obligations: We may disclose personal data when required by law, legal proceedings, or requests from governmental authorities.

5. Data Transfers Outside the EEA

We are a company based in Japan. Your personal data is processed and stored on servers located in Japan. Japan has received an "adequacy decision" from the European Commission, which recognizes that the country provides an adequate level of data protection. Therefore, the transfer of personal data from the EEA to Japan is lawful under the GDPR.

In cases where some of our service providers (e.g., Google Analytics) are located in countries without an adequacy decision, such as the United States, we will protect your personal data by implementing appropriate safeguards required by the GDPR, such as entering into Standard Contractual Clauses (SCCs).

6. Data Retention Period

We retain your personal data only for the period necessary to fulfill the purposes for which it was collected. The specific retention period is determined by considering the contractual term, statutory retention obligations (e.g., for accounting records), and the need for dispute resolution. Once the purpose is fulfilled, the data will be promptly deleted or anonymized.

7. Rights of the Data Subject

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: The right to obtain confirmation as to whether or not your personal data is being processed, and, where that is the case, access to the data.

  • Right to rectification: The right to obtain the rectification of inaccurate personal data concerning you without undue delay.

  • Right to erasure ("right to be forgotten"): The right to obtain the erasure of your personal data without undue delay under certain conditions.

  • Right to restriction of processing: The right to obtain the restriction of processing under certain conditions.

  • Right to data portability: The right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format and the right to transmit that data to another controller.

  • Right to object: The right to object at any time to the processing of your personal data which is based on our legitimate interests.

  • Right to withdraw consent: The right to withdraw your consent at any time where processing is based on consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

To exercise these rights, please contact the Data Controller at the contact details provided in Section 2.

8. Right to Lodge a Complaint with a Supervisory Authority

If you are not satisfied with our handling of your personal data, you have the right to lodge a complaint with a data protection supervisory authority in your Member State of residence, place of work, or place of the alleged infringement.

9. Automated Decision-Making

We do not engage in automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you.

10. Changes to This Policy

We may revise this policy from time to time in response to changes in laws, regulations, or our business practices. Any significant changes will be announced on our website.

 

 

Establish on August 1, 2025

 

bottom of page