We shall acquire Personal Data through lawful and justifiable means and use it only for the following purposes:
（１）Personal Data concerning users of our Group's services and business partners
① for providing services related to construction, maintenance, inspection, and repair of services of our Group
② for planning, researching, developing, and testing services of our Group
③ for management of access to our facilities
④ for management of information of business connections, payment and revenue processing
⑤ for communications, business negotiations, and execution of contracts necessary for our business
⑥ for response to various inquiries
Our Group may process Personal Data in order to perform obligations under contracts that have been executed with customers or vendors of our Group's services; in other words, in order to perform operations in the ordinary course of our business.
（２）Personal Data of job applicants
① for providing employment information, etc. and contacting job applicants
② for management of our recruitment
Our Group may process Personal Data for the purpose of legitimate interests to the extent necessary for the recruitment of those who work for our Group.
（3）Personal Data concerning employees
① for human resource management
② for payment of salaries, bonuses, etc.
③ for procedures of social insurances, tax matters, and so on
④ for communication with affiliated companies or certain companies our Group’s employees are seconded to
⑤ for retirement procedures
⑥ for emergency contact
⑦ for notification or report to government offices
⑧ for other procedures or communications necessary in the ordinary course of our Group’s business.
Our Group may process Personal Data for the purpose of legitimate interests, to the extent necessary to provide appropriate labor management or welfare benefits for those working for our Group, or to comply with the legal obligations imposed on Administrator.
Our group shall obtain prior consent from users of our Group’s services in the case where our Group contacts them by e-mail for marketing purposes. Such process of Personal Data is necessary for the purpose of legitimate interests; that is, it is necessary for our Group to communicate with the users of our Group's services and to provide them with our Group’s services.
Our Group may use Personal Data of users of our Group's services to provide customer services. Such process of Personal Data is necessary for the purpose of performance of agreements or legitimate interests.
For the purpose of use described in Section 2 above, we collect Personal Data from the following sources:
① Subjects (directly) (e.g. Personal Data stated in an application form, etc.)
② Subjects (indirectly) (e.g. IP address obtained when our site is browsed, etc.)
③ public information (information on the Internet)
④ social medias (e.g. Twitter, LinkedIn, Facebook)
⑤ investigation reports provided by third parties
① information on attributes of Subjects
② history of purchasing data of Subjects among Personal Data processed by our Group
③ details of products and services provided to Subjects
④ financial information
⑤ academic backgrounds
⑥ work experience
⑦ other information that can identify a specific individual (including information that can be easily collated with other information, thereby making it possible to identify a specific individual)
Our Group may need to share Personal Data with the following third party for the purpose of process set forth in Section 2 above. If it is necessary, we will comply with applicable laws and regulations.
• monopo london Ltd.
Name: Shun Okada
Address: Path Omotesando A3, 5-6-5 Jingumae, Shibuya-ku, Tokyo, Japan
Subjects have the right to file complaints with regulatory bodies at any time. Nevertheless, our Group would like Subjects to give our Group the opportunities to respond to such complaints before the Subjects contact the regulatory bodies, and we would appreciate it if the Data Protection Officer (DPO) would be informed in advance.
（１）Our website uses a combination of the following kinds of cookies. Cookies are text files that are stored on a computer system via an Internet browser and consist of strings that can assign pages on the Internet and server(s) to a specific Internet browser where they are stored.
① session cookies: cookies erased when users close the Internet browser
② permanent cookies: cookies remaining on the users’ computers/devices for a predefined period of time
③ first-type cookies: cookies set up by a web server and shared with the same domain
（3）By using cookies, information and advertising on our website can be optimized with the users. The purpose of this is to make our website easier for users to use.
（4）Subjects can at any time hamper the setting of the cookies used on our website by the corresponding setting of an Internet browser available, and can permanently invalidate the cookies.
（5）In addition, cookies set up already can be deleted at any time via any common Internet browser or other software programs; however, if Subjects disable the cookie setting through the Internet browsers used by the Subjects, not all the functions of our website will be fully available.
Under applicable privacy laws and regulations, including the EU General Data Protection Regulation and related laws enacted in various countries, Subjects have the following rights. In order to assert these rights, the Subjects may contact the Data Protection Officer (DPO) appointed by us at any time.
When collecting Personal Data from a Subject, Administrator must provide certain information to the Subject when obtaining Personal Data.
Administrator must provide copies of any Private Data when the relevant Subject claims for access to the Personal Data processed by us.
（3）Right of correction
Subjects may request Administrator to correct inaccurate Personal Data.
（4）Right to erase (Right to be forgotten)
Subjects have the right, in certain cases, to cause Administrator to delete the relevant Personal Data without delay.
（5）Right to restrict process
Subjects have the right, in certain cases, to restrict Administrator from processing the relevant Personal Data.
（6）Data portability rights
Subjects have the right to receive their Personal Data in a structured, commonly used and machine-readable way. The Subjects are also entitled to transfer such Personal Data to other administrators without interference from the administrator by whom such Personal Data is provided.
（7）Right to challenge
Subjects have the right to challenge process of their Personal Data, pursued by Administrator or other third parties for the purpose of legitimate interests and based on the need to process such Personal Data.
（8）Right not to undergo automated process
Subjects have the right not to be subject to a determination based solely on an automated process that has legal consequences on them or has a similar significant impact on them. We shall not perform any automated process of Personal Data of Subjects.
As Administrator, we take adequate technical and organizational security measures to protect Personal Data. If Subjects may have concern about how to transfer certain data, we will take adequate alternative measures.
（１）We may transfer Personal Data of Subjects from offices (branch offices, resident missions, local subsidiaries, etc.) located in countries or regions in the European Union (including Iceland, Liechtenstein and Norway, hereinafter referred to as the "EU") to sales branches in Japan or overseas locations of our Group. The Personal Data of the Subjects to be transferred includes the Personal Data of the users of the services of our Group and the Personal Data of the employees of monopo london Ltd.
（2）The transfer of Personal Data to Japan is based on the adequacy decision with respect to the cross-border data transfer acquired by Japan or the Standard Contractual Clauses previously entered into by our Group.
（3）The transfer of Personal Data to third countries (excluding countries and regions that have obtained adequacy decision) other than Japan and the EU will be transferred upon the execution of the Standard Contractual Clauses.
（4）Please refer to the European Commission's website (https://ec.europa.eu/info/law/law-topic/data-protection_en) for details of the adequacy decision for Japan.
（5）Please contact the Data Protection Officer (DPO) for information on how to obtain the Standard Contractual Clauses that we have entered into.
Retention period of Personal Data equals to the retention period statutorily set in each EU member country and Japan. Personal Data will be deleted or destroyed promptly after the expiration of such statutory period, unless required for the purpose of agreements or process.