1.Introduction

monopo inc. and its subsidiaries (hereinafter referred to as "our Group") acknowledge the importance of Personal Data, meaning information with respect to identified or identifiable natural persons (hereinafter referred to as "Subjects") acquired or processed by our Group as described in Section 4 and shall comply with laws and regulations related to the protection of personal information and, in order to ensure thorough protection of such information, handle Personal Data in accordance with the following policy (hereinafter referred to as "this Privacy Policy"). In this Privacy Policy, "process" means collectively any disposal executed on Personal Data, including but not limited to collection, recording, compilation, organization, storage, modification or alteration, retrieval, reference, use, disclosure by transmission, distribution arrangement or combination, restriction, deletion and destruction of Personal Data, whether or not by automatic means.

2.Purpose of and Legal Ground for the Process of Personal Data

We shall acquire Personal Data through lawful and justifiable means and use it only for the following purposes:
(1)Personal Data concerning users of our Group's services and business partners
① for providing services related to construction, maintenance, inspection, and repair of services of our Group
② for planning, researching, developing, and testing services of our Group
③ for management of access to our facilities
④ for management of information of business connections, payment and revenue processing
⑤ for communications, business negotiations, and execution of contracts necessary for our business
⑥ for response to various inquiries
Our Group may process Personal Data in order to perform obligations under contracts that have been executed with customers or vendors of our Group's services; in other words, in order to perform operations in the ordinary course of our business.
(2)Personal Data of job applicants
① for providing employment information, etc. and contacting job applicants
② for management of our recruitment
Our Group may process Personal Data for the purpose of legitimate interests to the extent necessary for the recruitment of those who work for our Group.
(3)Personal Data concerning employees
① for human resource management
② for payment of salaries, bonuses, etc.
③ for procedures of social insurances, tax matters, and so on
④ for communication with affiliated companies or certain companies our Group’s employees are seconded to
⑤ for retirement procedures
⑥ for emergency contact
⑦ for notification or report to government offices
⑧ for other procedures or communications necessary in the ordinary course of our Group’s business.
Our Group may process Personal Data for the purpose of legitimate interests, to the extent necessary to provide appropriate labor management or welfare benefits for those working for our Group, or to comply with the legal obligations imposed on Administrator.
(4)Marketing
Our group shall obtain prior consent from users of our Group’s services in the case where our Group contacts them by e-mail for marketing purposes. Such process of Personal Data is necessary for the purpose of legitimate interests; that is, it is necessary for our Group to communicate with the users of our Group's services and to provide them with our Group’s services.
(5)Customer Service
Our Group may use Personal Data of users of our Group's services to provide customer services. Such process of Personal Data is necessary for the purpose of performance of agreements or legitimate interests.

3.Source of Personal Data

For the purpose of use described in Section 2 above, we collect Personal Data from the following sources:
① Subjects (directly) (e.g. Personal Data stated in an application form, etc.)
② Subjects (indirectly) (e.g. IP address obtained when our site is browsed, etc.)
③ public information (information on the Internet)
④ social medias (e.g. Twitter, LinkedIn, Facebook)
⑤ investigation reports provided by third parties

4.Types of Personal Data to be Acquired

① information on attributes of Subjects
② history of purchasing data of Subjects among Personal Data processed by our Group
③ details of products and services provided to Subjects
④ financial information
⑤ academic backgrounds
⑥ work experience
⑦ other information that can identify a specific individual (including information that can be easily collated with other information, thereby making it possible to identify a specific individual)

5.Providing or Sharing Personal Data

Our Group may need to share Personal Data with the following third party for the purpose of process set forth in Section 2 above. If it is necessary, we will comply with applicable laws and regulations.
• monopo london Ltd.

6.Name and Address of Administrator

Administrator means monopo inc. in this Privacy Policy.
Address: 2-2-8 Sendagaya, Shibuya-ku, Tokyo, Japan
E-mail: privacy@monopo.co.jp
Website: https://monopo.co.jp

7.Name and Address of Data Protection Officer (DPO)

Name: Shun Okada
Address: Path Omotesando A3, 5-6-5 Jingumae, Shibuya-ku, Tokyo, Japan
E-mail: shun.okada@monopo.co.jp
Website: https://monopo.co.jp
Subjects have the right to file complaints with regulatory bodies at any time. Nevertheless, our Group would like Subjects to give our Group the opportunities to respond to such complaints before the Subjects contact the regulatory bodies, and we would appreciate it if the Data Protection Officer (DPO) would be informed in advance.

8.Cookies

(1)Our website uses a combination of the following kinds of cookies. Cookies are text files that are stored on a computer system via an Internet browser and consist of strings that can assign pages on the Internet and server(s) to a specific Internet browser where they are stored.
① session cookies: cookies erased when users close the Internet browser
② permanent cookies: cookies remaining on the users’ computers/devices for a predefined period of time
③ first-type cookies: cookies set up by a web server and shared with the same domain
④ third-party cookies: cookies stored by a domain other than the domain of the visited page (these cookies occur when a web page refers to files such as JavaScript located outside its domain)
(2)Our Group can use cookies to identify the individual browsers of Subjects and provide users of this website with user-friendly services that are not possible without any set-up for the cookies.
(3)By using cookies, information and advertising on our website can be optimized with the users. The purpose of this is to make our website easier for users to use.
(4)Subjects can at any time hamper the setting of the cookies used on our website by the corresponding setting of an Internet browser available, and can permanently invalidate the cookies.
(5)In addition, cookies set up already can be deleted at any time via any common Internet browser or other software programs; however, if Subjects disable the cookie setting through the Internet browsers used by the Subjects, not all the functions of our website will be fully available.

9.Rights of Subjects

Under applicable privacy laws and regulations, including the EU General Data Protection Regulation and related laws enacted in various countries, Subjects have the following rights. In order to assert these rights, the Subjects may contact the Data Protection Officer (DPO) appointed by us at any time.
(1)Information rights
When collecting Personal Data from a Subject, Administrator must provide certain information to the Subject when obtaining Personal Data.
(2)Access rights
Administrator must provide copies of any Private Data when the relevant Subject claims for access to the Personal Data processed by us.
(3)Right of correction
Subjects may request Administrator to correct inaccurate Personal Data.
(4)Right to erase (Right to be forgotten)
Subjects have the right, in certain cases, to cause Administrator to delete the relevant Personal Data without delay.
(5)Right to restrict process
Subjects have the right, in certain cases, to restrict Administrator from processing the relevant Personal Data.
(6)Data portability rights
Subjects have the right to receive their Personal Data in a structured, commonly used and machine-readable way. The Subjects are also entitled to transfer such Personal Data to other administrators without interference from the administrator by whom such Personal Data is provided.
(7)Right to challenge
Subjects have the right to challenge process of their Personal Data, pursued by Administrator or other third parties for the purpose of legitimate interests and based on the need to process such Personal Data.
(8)Right not to undergo automated process
Subjects have the right not to be subject to a determination based solely on an automated process that has legal consequences on them or has a similar significant impact on them. We shall not perform any automated process of Personal Data of Subjects.

10.Security Control

As Administrator, we take adequate technical and organizational security measures to protect Personal Data. If Subjects may have concern about how to transfer certain data, we will take adequate alternative measures.

11.Transfer of Personal Data to a Third Country

(1)We may transfer Personal Data of Subjects from offices (branch offices, resident missions, local subsidiaries, etc.) located in countries or regions in the European Union (including Iceland, Liechtenstein and Norway, hereinafter referred to as the "EU") to sales branches in Japan or overseas locations of our Group. The Personal Data of the Subjects to be transferred includes the Personal Data of the users of the services of our Group and the Personal Data of the employees of monopo london Ltd.
(2)The transfer of Personal Data to Japan is based on the adequacy decision with respect to the cross-border data transfer acquired by Japan or the Standard Contractual Clauses previously entered into by our Group.
(3)The transfer of Personal Data to third countries (excluding countries and regions that have obtained adequacy decision) other than Japan and the EU will be transferred upon the execution of the Standard Contractual Clauses.
(4)Please refer to the European Commission's website (https://ec.europa.eu/info/law/law-topic/data-protection_en) for details of the adequacy decision for Japan.
(5)Please contact the Data Protection Officer (DPO) for information on how to obtain the Standard Contractual Clauses that we have entered into.

12.Retention Period of Personal Data

Retention period of Personal Data equals to the retention period statutorily set in each EU member country and Japan. Personal Data will be deleted or destroyed promptly after the expiration of such statutory period, unless required for the purpose of agreements or process.

13.GENERAL PROVISIONS

The latest revision to this Privacy Policy was made on November 21, 2019. We may change this Privacy Policy in accordance with laws and regulations or our policies; however, we will not use the Personal Data of Subject in a different way without obtaining their consent.