Sazabee, LLC (hereinafter, “the controller”) will make efforts to respect the privacy of customers, take sufficient care with respect to personal data, to protect it carefully, and manage it appropriately when operating this website and providing this service.
To implement this policy, the controller will establish a compliance program (This includes this Privacy Policy, personal data protection regulations, and other such rules and regulations.) based on the GDPR and Japan’s Personal Information Protection Law,which will be communicated fully to managers, staff, and other related people; and work to enforce, maintain, and improve it continuously.
When a customer provides personal data to the controller, customers are requested to consent to the terms of use for the service and the contents of the terms before providing data.
– Definition of Terminology
The definition of the terminology used in the Terms is as follows.
Controller | The controller refers to the party which operates the Website, provides,etc., the Service, and processes, etc., the personal data collected under these terms (Sazabee, LLC). |
Customer | Customer refers to individuals or groups, such as corporations, which use the Website and the Service, and provide customer personal data to the controller. |
EU User | EU user refers to customers who are an individual or group, such as a corporation, to which the GDPR applies. |
The Terms | The Terms refers to the privacy policy established by the controller. |
The Website | The Website refers to all sites under the management of the controller. |
The Service | The Service refers to the Cyberhermit VPN Service and all other services provided by the controller. |
Linked Website | Linked website refers to external websites, etc., linked from the Website. |
Personal Data | Personal data refers to the personal data of customers (name, email address, etc.) collected by the controller under the Terms (This includes data which is not classified as personal data, but can be easily compared with other data to identify a specific person.). Additionally, it refers to data, etc., related to the executives and employees of corporations or other groups. |
EEA | EEA refers to the European Economic Area. |
GDPR | GDPR refers to the EU’s General Data Protection Regulation. |
Supervisory Authority | Supervisory authority refers to the public agency which supervises the application of the EU’s General Data Protection Regulation. |
– Scope of the Terms
-
1. Except in cases when there are separate privacy policies for the websites or services operated by the controller, the Terms apply to the Website and the Service.
2. When there are terms of use, special provisions, or individual agreements, etc., for the Service in addition to this Agreement (hereinafter, “individual terms”), the customer shall consider the individual terms to be part of this Agreement, and give agree to both this Agreement and the individual terms.
3. The controller assumes no liability for the personal data protection (handling of personal data, etc.) or contents of linked websites.
– Order of Precedence of Terms
-
1. When the terms of this Agreement conflict with individual terms or the GDPR, the provisions of the individual terms will be applied preferentially.
2. The Terms are available in Japanese and foreign language versions. If there is a conflict between the Japanese version of the terms and a foreign language version, the provisions of the Japanese version of the terms takes precedence.
– Governing Law
-
In general, these Terms will be governed by and interpreted in accordance with Japanese law.
– Modification of the Terms of Use
-
The controller may modify these Terms without the advance consent of customers when the controller deems necessary. When modifications are made, the details of the modifications will be displayed on the Website, and the date the modifications take effect will be clearly indicated. However, when the contents of the modifications require the consent of customers by law, the consent of customers will be obtained by the means specified by the controller.
– Collection of Personal Data
-
1. The controller will collect personal data by legal and fair means.
2. As a general rule, the controller will not collect sensitive personal data. However, this does not apply in cases when the controller determines it is necessary to accomplish the Service and business activities. Additionally, if sensitive personal data is collected, the data will only be collected to the extent necessary to accomplish the Service and business activities.
3. When customer personal data collected by the controller is insufficient or the data personally entered by the customer is inaccurate, the controller may be unable to provide the Services to the customer wholly or in part.
4. If the personal data has not been obtained from the customer directly, the controller will notify the customer about the source of the data.
– Personal Data Collected
-
1. Under the Terms, the controller may collect the following personal data.
Name, email address, country of residence, address, telephone number, credit card data, unique terminal ID of mobile telephone or smartphone, etc., log data, online identifier (IP address, cookies), anonymous ID, and any other data entered by the customer in an input form prescribed by the controller or communicated to the controller by the customer (inquiries, contents of questions, etc.)
2. The following data provided from external services, such as social media
(1) ID, etc., used by the customer on the external service
(2) Other data the customer has requested the partner service disclose through the privacy settings, etc., of the external service.
– Personal Data of Children Under 16
-
1. The controller will not collect personal data directly from children under 16 years of age. When processing personal data in connection with providing information-oriented social services directly to children under 16 years of age, the consent or permission of the person responsible for the guardianship of the child will be obtained.
2. If personal data obtained without the consent or permission of the person responsible for guardianship is discovered, the controller will delete the personal data without delay.
– Processing of Personal Data
-
1. The controller will maintain the accuracy of personal data and manage it securely.
2. To prevent the loss, destruction, manipulation, or leaking, etc., of personal data, the controller will take appropriate data security measures against unauthorized access and computer viruses, etc.
3. The controller will not leak personal data by transporting or transmitting it to an outside party.
4. When a breach of personal data (data leak) occurs, the controller will notify the supervisory authority within 72 hours. Additionally, the customer will be notified without delay. However, this does not include cases when the personal data breach does not present a risk to the customer’s rights and freedoms. Furthermore, if there are circumstances which prevent notification within 72 hours, the controller will give the reason for the delay together with the notice.
– Use of Personal Data
-
1. The controller will use the personal data collected to accomplish the Service and business activities based on the grounds prescribed in the Terms (Grounds for Processing) within the limits of the Terms or the purpose of use indicated at the time of collection.
2. Customers are requested to give consent for the use of personal data by the controller to solicit opinions and requests, to provide data for the purpose of improving the Services, or for publicity and advertising, etc.
– Purposes of Use for Personal Data
-
The purposes of use for personal data and the personal data used are as follows.
Purpose of Use | Data Used |
To provide the Services (This includes identity verification and referencing of usage of the Services, etc., by the controller.). | Email address, credit card data, unique terminal ID of mobile telephone or smartphone, etc., log data, online identifier (IP address, cookies), anonymous ID |
To respond to inquiries from the customer. | Name, email address, inquiry contents, any other data the customer has communicated to the controller |
To send direct mailings to the customer | Email address |
To collect and store logs for processing personal data. The personal data will be retained for a reasonable period of time as determined by the controller. | Unique terminal ID of mobile telephone or smartphone, etc., log data, online identifier (IP address, cookies), anonymous ID |
To send an email newsletter to the customer. | Email address |
To post the contents of questions from customers on the Website, etc. (The data provided will be anonymized.) | Name, email address, inquiry contents, data entered by the customer into an input form prescribed by the controller, and any other data the customer has communicated to the controller (contents of questions, etc.) |
To send regularly issued documents to the customer, such as invoices and receipts, etc. | Name, email address |
To send, etc., data to other services, etc., (This include providing data to partners.) to enable the customer to use the Services conveniently based on the customer’s instructions. | Name, any other data the customer has communicated to the controller |
To identify individuals by name or address, etc., when refusing access to customers who violated the Terms by causing damage to a third party, etc., or who attempt to use the Website or the Service for illegitimate or unlawful purposes. | Name, email address, country of residence, address, telephone number, credit card data, unique terminal ID of mobile telephone or smartphone, etc., log data, online identifier (IP address, cookies), anonymous ID |
To make contact, etc., in connection with the above (messages about changes to the terms, obtaining consent, suspending the Service, notification of discontinuation). | Name, email address, inquiry contents, any other data the customer has communicated to the controller |
– Outsourcing of Personal Data
-
The customer consents to the outsourcing of the handling of personal data to third parties by the controller to achieve the goals of the Services. In such cases, the controller will conduct a thorough examination of the third parties, and supervise them appropriately to ensure confidentiality.
– Personal Data Retention Period, etc.
-
1. The controller will retain the personal data of the customer for as long as the customer continues to use the Services.
2. The controller will retain transaction data, usage data for the Service, and other such data for a maximum of seven years (hereinafter, “the data retention period”) in connection with the regulations and other requirements in the region where the controller conducts its business operations. When the data retention period has elapsed, the controller will delete or anonymize such personal data in accordance with the applicable laws.
3. A customer may request the deletion of their personal account (personal data) for the Service. The controller will delete the data, restrict its use, or anonymize the personal data in response to such requests at the controller’s discretion.
– Provision of Information to Third Parties, etc.
-
1. The controller will not disclose, provide, or transfer personal data to third parties without obtaining the consent of the customer first, except in the circumstances specified below.
2. If any of the following circumstances apply, the controller may provide the minimum necessary personal data beyond the limits of the purposes of use without obtaining the consent of the customer.
(1) When it is required by a country’s laws
(2) When it is necessary for cooperating with a government agency or local authority of a country, or those entrusted by the former two in executing duties prescribed by laws and regulations, and obtaining the consent of the customer is likely to interfere with the execution of the controller’s duties
(3) When it is necessary to preserve the life, body, or property of an individual, and it is difficult to obtain the consent of the customer
(4) When it is specially necessary for improving public health or promoting the sound growth of children, and it is difficult to obtain the consent of the customer
3. When providing personal data in the previous two cases; if there is no legitimate legal basis for the request from a government agency, etc., or if the request, etc., is considered unclear, improper, or too broad, the controller will file an objection to the request, etc., and deny the request, etc.
– Shared Use
-
The controller will not engage in shared use of personal data.
– Overview
-
1. The GDPR applies to the processing of the personal data of EU users, and EU users possess the following rights regarding the handling of personal data listed in this chapter. EU users shall confirm the grounds for processing personal data and the rights of EU users regarding the handling of personal data under the GDPR.
2. As “EU user” is synonymous with “customer” in this chapter, they may be considered interchangeable.
– Customers Outside the EEA
-
Customers outside the EEA may also request the explanation, correction, or deletion, etc., of their own personal data.
– Grounds for Processing
-
1. The controller processes (retain, utilize, etc.) the personal data of EU users for one or more of the grounds (see table below) provided for under the GDPR. However, the controller will obtain the consent of the customer when doing such processing.
2. The grounds for processing are as follows. Please refer to Purposes of Use for Personal Data regarding the purposes of use for personal data and the data used.
Grounds | Details |
To provide services and features requested by EU Users. | The controller needs to obtain and utilize certain data in order to provide services. |
To protect the interests of EU users or third parties | Processing data, including disclosure of data to law enforcement agencies, etc., is necessary when the security of EU users or a third party is threatened. |
To protect the legitimate interests of third parties | The controller collects and enables the use of personal data within the extent necessary to protect the interests of the public or third parties. |
To protect the legitimate interests of the controller | The controller collects and enables the use of personal data within the extent necessary to protect the legitimate interests of the controller. |
To fulfill the controller’s legal obligations | The controller will disclose, etc., the personal data of customers in compliance with requests from government agencies, etc. Personal data is retained long term for the purpose of submitting copies of the data to government agencies, etc. |
– Consent to the Use of Personal Data, etc.
-
The controller will collect and use the personal data of the customer with the consent of the customer. Consent can be revoked at any time. However, if consent is revoked, the customer accepts that they will be unable to use the services or features provided by the controller.
– Disclosure of Personal Data
-
1. When the customer requests the disclosure of personal data, the controller will confirm that the demand came from the customer personally, and disclose the personal data to the customer without delay (If such personal data does not exist, the customer will be notified to that effect.) However, this does not apply when the controller is not obliged to make the disclosure by the Personal Information Protection Law or other laws and regulations.
2. When a customer has requested the disclosure of their own personal data, the controller will disclose the data to the individual. However, if any of the following circumstances would apply result from the disclosure, disclosure may not be made wholly or in part, and if it is decided not to make the disclosure, the customer will be notified to that effect. Additionally, there is a handling fee of 1,000 yen for each disclosure of personal data.
(1) When there is the possibility of harm to the life, body, property, or other rights or interests of the customer or a third party
(2) When there is the possibility of seriously interfering with the proper execution of the business activities of the controller
(3) When it would result in the violation of another law or statute
3. Notwithstanding the provisions of the previous section, as a general rule, the controller will not disclose usage histories or characteristics data.
– Explanations and Copies of Personal Data Inquiries
-
1. Customers have the right to request an explanation of the personal data held by the controller and the ways such personal data is used by the controller, etc.
2. When the controller has collected personal data with the consent of the customer, or when it was collected because it is necessary for providing a service requested by the customer, the customer has the right to receive a copy of the data collected by the controller from the customer.
– Correction and Discontinuing Use of Personal Data
-
When there is a request from a customer to correct personal data because it is false, or there is a request to discontinue use because the data is being used for purposes of use outside the limits presented in advance, or because it was collected by deception or other dishonest methods; the controller will conduct any necessary investigation without delay after confirming that the request came from the customer, correct or discontinue use of the personal data based on the findings, and notify the customer to that effect. However, when discontinuing use, etc., of the personal data would have a large cost or discontinuing use, etc., is difficult for other reasons, and it is possible to take alternative measures required to protect the rights and interests of the individual, alternative measures will be taken. Additionally, when a decision has been made not to make corrections or discontinue use on reasonable grounds, the customer will be notified to that effect.
– Deletion of Personal Data
-
1. When a customer requests the deletion of personal data and the controller has determined it is necessary to comply with the demand, the controller will verify that the demand came from the customer before deleting the personal data, and will notify the customer to that effect.
2. The provisions of the previous section do not apply when the controller is not obliged to make corrections or discontinue use, etc., by the GDPR, Personal Information Protection Law, or other laws or regulations.
3. The customer agrees that the controller may be unable to provide the Services in whole or in part as a result of deletion.
– Filing Inquiries or Objections about Personal Data Processing
-
1. The customer has the right to file an objection regarding the processing of personal data by the controller. This includes processing for marketing purposes through profiling and automated decision-making. Additionally, even if an objection is filed, the controller may continue to process such personal data within the limits permitted by the GDPR, Personal Information Protection Law, and other laws and regulations.
2. For inquiries about personal data or to file objections, contact the supervisor by the methods listed at “Contact Information” below.
– Partnership with External Services
-
The Websites may partner with external services such as Twitter and Facebook (hereinafter, “social media, etc.”).The customer consents to the disclosure or circulation of data, etc., entered by the customer to social media, etc.
– Use of Cookies
-
Cookies are used by the Website. Cookies are used for the convenience of customers when revisiting the Website, and do not infringe of the privacy of customers. Additionally, it is possible to allow or forbid the use of cookies through browser settings, but please understand that this may result in being unable to use the Website or the Service wholly or in part.
– Use of Web Beacons
-
A web beacon may be used on the Website. A web beacon is a technology for obtaining statistical data about the access status, etc., of web pages, and does not identify specific individuals.
– Protection of Personal Data by SSL
-
The Websites incorporate SSL into pages used to enter personal data to protect the personal data of customers. SSL (Secure Socket Layer) is a protocol for encrypting and transmitting data on the Internet.
The personal data entered by the customer is automatically encrypted when the personal data is sent.
By using a web browser that supports security features, the personal data entered by customers, such as names and email addresses, is automatically encrypted before sending, so even if the transmitted data is intercepted by a third party, there are no worries that the contents can be read or rewritten.
Additionally, please understand that using a browser which does not support SSL, you may be unable to access the Website or enter data, etc.
– Disclaimers
-
The controller assumes no liability for the following, and offers no support or guarantees, etc.
1. When personal data is circulated or displayed on an external social media service, whether intentionally or accidentally on the part of the customer
2. When there is an inquiry or complaint from a third party, when there is a dispute between the customer and a third party, or when the customer has caused damages to a third party in the above case.
3. The accuracy of personal data entered by the customer in the input forms prescribed by the controller (This also applies in cases when the controller has made corrections to personal data and the personal data contains errors.).
– Organization and Framework
-
1. The controller will appoint a personal data protection officer, and manage personal data appropriately.
2. The controller will conduct training of executives and staff in personal data security and proper management methods, and take great care to handle personal data appropriately in everyday operations.
– Contact Information
-
For inquiries regarding personal data, or to file an objection, please contact the relevant contact person (Personal Data Protection officer) by the following methods.
Sazabee, LLC Personal Data Protection Officer
Please use the following contact form.
https://cyberhermit.net/ja/contactjp/ (Japanese)
https://cyberhermit.net/contact/ (English)