Privacy Policy

SuRaLa Net co., Ltd. (hereinafter referred to as “Company”, “We”, “Us”, or “Our”) is committed to protecting the privacy of the users of our website. Please read this Privacy Policy carefully before using our site (https://surala-net.com).

1. Definition

   The definitions of terms in this Privacy Policy are as follows

   Personal data	This means customer information that can be used to identify an individual.
   Processor	A person or organization that handles the Company’s personal data on behalf of the Company.
   Acquirer	The term “acquirer” means any person or organization to whom personal data is disclosed. However, public authorities that may obtain personal data within the framework of a special investigation in accordance with EU law or the national law of a Member State are not considered to be acquirers. The handling of such data by public authorities shall be in accordance with the purpose of the handling and compliance with the applicable data protection regulations.
   third party	This means any person or entity other than the customer, Company, the processor, or any person or entity that has consented to the processing of personal data with our or the processor’s direct authorization.
   Processing limitations	This means to mark personal data that has been recorded and stored to limit its processing in the future.
   Processing	This means any business process carried out on personal data, such as collecting, recording, compiling, organizing, storing, correcting or changing, referring, using, disclosing by transmission, distributing, or otherwise making available for other usages, aligning or combining, restricting, erasing, or destroying the information.
   Profiling	This means the automatic processing of personal data, in any form, consisting of the use of customer and related information (personal data for analysis and prediction of customer’s abilities, financial status, health, personal preferences, interests, reliability, behavior, location, and movement).
   Customer’s consent	This means an indication of your intention. By doing so, you are expressing your consent to the processing of personal data relating to you.

2. Company Name and Address

   Address: PMO Uchikanda. 7F, 1-14-10, Uchikanda, Chiyoda-ku, Tokyo
   Phone: +81-3 – 5283 – 5158
   E-mail: privacy@surala.jp
   Website: https://surala-net.com

3. Cookie

   Our internet pages use cookies.
   A cookie is a text file that is stored on your computer system via your Internet browser. Cookies are used to temporarily store data on your computer when you use a website, and by using them, the Company’s server may acquire information such as your behavioral history within the Company’s website (accessed URLs, contents, reference order, etc.), age, gender, occupation, area of residence, and location information.
   By using cookies, we can make our website easier to use and provide a more user-friendly service.
   You can prevent the setting of cookies through our website at any time by adjusting the corresponding settings on your Internet browser, and you can permanently disable the setting of cookies. Please contact the manufacturer of the software for instructions on how to set your browser.

4. GOOGLE ANALYTICS

   Our website uses Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google Ireland”), in the European Economic Area and Switzerland and otherwise provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).

   Google Analytics uses cookies that are stored on your computer to facilitate the analysis of your use of our website. The information generated by the cookie about your use of our website will be transmitted to Google Ireland / Google and may be stored by Google on servers in the United States. IP anonymization is activated on our website and your IP address will be shortened. In very exceptional cases, the full IP address will be transmitted to a Google server in the USA, where it will be shortened. Google Ireland / Google will use this information for the purpose of evaluating websites on our behalf to compile reports on website activity and to provide other services relating to website activity and internet usage on our behalf. Google Ireland / Google will not associate the IP address transferred in the context of Google Analytics with any other data held by Google Ireland or Google. Google Analytics will only become effective if you consent to its use. If you have given your consent to the use of Google Analytics, you can deactivate it at any time by downloading/installing the browser plug-in via the link below.
   http://tools.google.com/dlpage/gaoptout?hl=en.

   For the avoidance of doubt, if you are located in the European Union (EU) or Brazil, the legal basis for the activation of Google Analytics is your consent as set forth in the applicable data protection legislation (Article 6(1)(a) GDPR or Article 8(1) LGPD). Furthermore, if you are located in the European Union (EU) or Brazil, the legal basis for the subsequent processing of data collected through Google Analytics, including its use, analysis, and storage, is your legitimate interest as set forth in the applicable data protection legislation (Article 6(1)(f) GDPR or Article 8(9) LGPD). The legitimate interest we pursue is the improvement and optimization of our website for the benefit of our website visitors.

   If you are located in the European Union or Brazil, you may have the right to object at any time on grounds relating to your respective situation. In order to exercise this right, you may download or install the browser plug-in described above.

   For further information please visit
   https://www.google.com/analytics/terms/ or https://support.google.com/analytics/answer/6004245?hl=en

5. Purpose of processing personal data
   1. Purpose of processing

      We process personal data only for the following purposes

      Personal information about customers and business partners

      1. Provision of services such as maintenance, inspection, and repair of products in our business
      2. Planning, research, development, testing, and demonstration of products in our business
      3. Management of customer information, payment, and processing of income
      4. Various communications, business negotiations, and conclusion of contracts necessary for business
      5. Responding to various inquiries
   2. Source of personal data

      For the purpose of the processing described in (1) above, the Company will acquire personal data from the following sources

      1. Obtained directly from the customer (e.g., personal data entered on the Company’s application form site, etc.)
      2. Obtained indirectly from customers (e.g., IP address obtained when browsing our website)
      3. Public information (information on the Internet)
      4. Social media (e.g. Twitter, LinkedIn, Facebook)
   3. Types of personal data to be acquired
      1. Personal attribute information
      2. Personal purchase history related to personal data processed by the Company
      3. Products and services provided
      4. Educational background
      5. Achievement data
      6. Activity log (when the customer studied, date and time of access to various applications by customers, parents, teachers, etc.)
      7. Learning history (which problems were solved)
      8. Assignment history (what kind of assignment was given)
      9. The attribute information of the school customers want to attend (school deviation range, national, public, private, etc.)
      10. The attribute information of the school customers are enrolled in (school deviation range, national, public, private, etc.)
   4. Provision and Sharing of Personal Data

      We may share personal data with the following third parties for the purposes of processing described in (1) above. Where this is necessary, the Company will comply with applicable privacy laws and regulations.

      • Subcontractors
      • Professional experts such as lawyers, tax accountants, and certified public accountants
      • Financial institutions
      • Current, past, and future employees
      • Service providers and suppliers
6. Legal grounds for the processing of personal data

   The legal grounds for processing is as follows

   1. If you have given your consent to the processing of your personal data for a specific purpose.
      If the processing is based on the customer’s consent in (1) above, the customer has the right to withdraw this consent.
   2. if the processing is necessary for the performance of a contract to which the customer is a party, or to carry out a procedure at the customer’s request prior to the conclusion of the contract.
   3. if the processing is necessary to comply with a legal obligation to which we are subject.
   4. if the processing is necessary to protect the vital interests of the customer or another natural person.
   5. if the processing is necessary for the performance of a task carried out in the public interest or the exercise of official authority granted to the Company.
   6. if the processing is necessary for legitimate interests pursued by the Company or a third party. The processing is necessary for the legitimate interests pursued by the Company or a third party, except where the fundamental rights and freedoms of the customer, in particular the protection of personal data of children who are customers, prevail over such interests.
      The following cases may be cited as cases that the legitimate interests are the lawful basis for the processing in (6),
      • Marketing to customers (direct marketing)
      • Customer service for customers.
7. YOUR RIGHTS

   Under applicable privacy laws and regulations, including GDPR, you have the following rights

   1. Information Rights
      When we collect personal data from you, we must provide you with certain information at the time we obtain the personal data.
   2. Right of access
      We must provide you with a copy of the personal data being processed upon your access request.
   3. Right to correction
      You may ask us to correct inaccurate personal data.
   4. Right to erasure (Right to be forgotten)
      You have the right to obtain the deletion of personal data concerning you from us without delay in certain cases.
   5. Right to restrict processing
      You have the right to have us restrict the processing of your personal data in certain cases.
   6. Right to notice of correction, deletion, or restriction of processing of personal data
      In the case of (3) through (5) above, the Company will inform the data subject of this processing and notify the data subject of the processing if requested by the customer.
   7. Right to Data Portability
      You have the right to receive personal data relating to you in a structured, commonly used, and machine-readable format. You also have the right to transfer such data to another company without interference from the Company to which the personal data was provided.
   8. Right to object
      You have the right to object to processing your personal data based on the necessity of the processing for purposes of legitimate interests pursued by us or by third parties.
   9. Right not to be subjected to automated processing, including profiling
      You have the right not to be subjected to decisions based solely on automated processing, including profiling, that have legal effects on you or that have a similarly significant impact on you. We do not perform automated processing, including profiling, on your personal data.
8. Security Control Measures

   We have put in place adequate technical and organizational safeguards to protect personal data. If you have concerns about a particular method of data transfer or other issues, we will take adequate alternative measures.

9. Cross-Border Data Transfer

   The transfer of personal data of data subjects to Japan will be based on the sufficiency certification for cross-border data transfers obtained by the Japanese government.

   The transfer of personal data to third countries outside of Japan and the EU (excluding countries and regions that have obtained sufficiency certification) will be conducted by concluding Standard Contractual Clauses.

   For more information on the sufficiency certification of Japan, please visit the European Commission’s website (https://ec.europa.eu/info/law/law-topic/data-protection_en).

10.   Personal Data Storage Time

    The storage time for personal data is the legal retention period in Japan. Personal data will be deleted promptly and securely after the legal retention period has expired unless this is necessary for connection with the purpose of the contract or other processing.

11.   General Provisions

    This Privacy Policy was last revised on Jun 11, 2021. We may change this Privacy Policy from time to time as required by law or in accordance with our policies. However, we will not use your personal data in any new way without your consent.