Privacy PolicyHandling of Information Belonging to Customers, and Business partners, etc.

1. Basic Policy

Kyoto Research Park Corporation(hereafter referred to as “KRP”), recognize that protecting the privacy of our customers and their personal information is the basis of KRP’s business and one of KRP’s social responsibilities. In order to responsibly protect our customers’ personal information, KRP has established the personal information protection policy set forth below. In this GDPR Privacy Policy(hereafter referred to as “Privacy Policy”), KRP has established an in-house system and strategies for protecting personal information (hereafter referred to collectively as “Personal Information”) set forth in the General Data Protection Regulation (hereafter referred to as “GDPR”), which it is committed to implementing, maintaining, and continuously improving. KRP’s Personal Information protection system and activities are designed to comply with all relevant legislation and in-house rules, and to be worthy of our customers’ confidence.

2. Obtaining personal information from customers

2-1. Obtaining personal information

In the course of providing services to our customers, KRP may obtain from customers such Personal Information as their name, address, and contact information. When obtaining Personal Information from customers, only the necessary information will be obtained, and the purpose and extent of the utilization of the information will be clearly explained.

2-2. How information is obtained

Personal Information is obtained by the following means in the course of customer transactions with KRP, related to our facilities or products (such as rental ofiices and labs, rental meeting rooms, banquet, or bar/restaurant facilities, product sales, the provision/sale of amenities, the provision of services, and the holding of events) and other transactions.

  1. Directly from the customer
    By telephone, in writing, from business cards, verbally, or over the Internet.
  2. From a person duly authorized by the customer
    Such authorized persons may include those authorized to make a reservation on behalf of a customer or to introduce a customer, travel agencies, package tour companies, and organizers of conferences or events.
  3. From published information
    Newspapers, Internet, telephone books, publications, and other written materials.

2-3. Types of personal information obtained by KRP

The personal information obtained by KRP may include the following information:

  1. Customer’s basic information (home address, name, gender, date of birth, email address, telephone number, facsimile number, mailing address, etc.)
  2. Customer’s additional information (occupation, place of work (company name, address, telephone number, post, position), date of marriage, family (name, relationship, birthdate), etc.)
  3. Payment information (bank account, billing address, etc.)
  4. Service usage information (usage status of facilities, etc.)
  5. Contents of contact (email, input form of the website, facsimile, note made during a telephone call, letter, answer for surveys, etc.)
  6. Information obtained by the security system (security camera, card key, etc.)
  7. Information automatically obtained by websites of KRP (cookie, IP address, browser type, date and time of access, etc.)
  8. Customer requirements regarding rental offices and labs, rental meeting rooms, leisure activities, and other services, information required to fulfill special requirements.
  9. Information required by administrative instructions, bylaws or ordinances.

2-4. Right to refuse to provide personal information

KRP does not compel customers to provide Personal Information. At all times, the customer has the right to choose whether or not to provide Personal Information to KRP. However, in the event that a customer refuses to provide 1. his/her basic information, 2. Customer’s additional information, and 3. payment information mentioned above in 2-3, it may not be possible to provide certain services, such as making reservations and using our facilities.

2-5. Sensitive Data

KRP will not obtain customer’s Sensitive Data (racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership) and data related to criminal offences unless otherwise referred to in GDPR.

3. Consent

3-1. Consent

The consent of the customer will, as a rule, be the legal basis of the processing of Personal Information by KRP (hereafter referred to as “Processing”). Necessity for the performance of a contract to which the customer is party to, necessity in order to take steps at the request of the customer prior to entering into a contract, necessity for the purposes of the legitimate interests pursued by KRP or by a third party, or necessity for compliance with a legal obligation to which KRP is subject will be the legal basis of Processing without such consent.

3-2. Withdrawal of consent

Customers may withdraw his/her consent at any time. The withdrawal of consent will not affect the lawfulness of Processing based on consent before its withdrawal. The customer may withdraw his/her consent by using the form on our website or by contacting our contact for personal information-related inquiries.

4. Use of customer Personal Information

4-1. Purposes for which Personal Information is used

KRP uses customer’s Personal Information only for the purpose(s) and within the scope made clear to the customer. KRP makes absolutely no use of Personal Information for other purposes or beyond the indicated scope.

4-2. Types of Personal Information obtained by KRP and purposes of use

The Personal Information obtained by KRP is used for the following purposes:

  1. The provision of office space;
  2. the provision of experiment/research spaces;
  3. the provision of parking spaces;
  4. energy supply business;
  5. server housing business;
  6. convention business;
  7. entrepreneur support business;
  8. various projects in collaboration with industry, academia and the government;
  9. notifications/public relations and survey/data collection/analysis relating to each of the business stated above; and
  10. any other business incidental to each of the preceding business/projects.
    The provision of various types of information in the above cases is by such means as direct contact with the customer, direct mailings, or email.

When information is to be used for purposes other than the above, the purpose and limits of the proposed use are made clear to the customer prior to the acquisition or use of the personal information and is only obtained or used with the consent of the customer.

4-3. Handling of credit card payment information

The payment information such as credit card numbers, expiration dates, etc. entered on our website (or the website of the credit card payment agency the customer is transferred to from our website) along the use of our service, is transmitted directly to the payment agency; we do not retain payment information such as the customer's credit card information.

4-4. Use of cookies

Cookies are a widely used technology on the Internet for identifying a customer’s computer. For purposes listed in 4-2, and also purposes of providing information appropriately and ensuring security at websites, and statistically analyzing maintenance management and usage status of websites, KRPmay use information identifying the customer such as IP address, browser type, date and time of access, etc. combined with information on pages browsed by the customer, which is collected using cookies. Customers can disable cookies by changing their browser settings, but this may result in an inability to access some or all of the services provided on the website.

5. Provision to third parties and joint use of personal information

5-1. Limits to provision of information to third parties and joint use of information

We may, with the consent of the customer, provide the customer's Personal Information in whole or in part to third parties described in this Policy or engage in the joint use of such information. In this case, we will consider the choice of above-mentioned third parties and joint users, and require them to manage the above-mentioned information appropriately by complying with GDPR, etc. just as we do.

5-2. Monitoring of subcontractors

When using customer’s Personal Information, KRP may subcontract such information to a third party to the extent of legitimate use. KRP will require subcontractors to strictly manage Personal Information as if it were KRP, and ensure necessary and appropriate monitoring of subcontractors.

5-3. Scope and purposes of joint use of Personal Information

KRP may jointly use Personal Information with Group companies and other companies within the approved scope of use. As a rule, jointly used Personal Information includes the following:

  1. Customer’s basic information (home address, name, gender, date of birth, email address, telephone number, facsimile number, mailing address etc.)
  2. Customer’s additional information (occupation, place of work (company name, address, telephone number, post, position), date of marriage, family (name, relationship, birthdate) etc.)
  3. Payment information (bank account, billing address etc.)
  4. Service usage information (purchase status of goods etc.)
  5. Contents of contact (email, input form of the website, facsimile, note made during a telephone call, letter, answer for surveys etc.)
  6. Information obtained by the security system (security camera, card key etc.)
  7. Information automatically obtained by websites of KRP (cookie, IP address, browser type, date and time of access etc.)
  8. Customer requirements regarding rental offices and labs, rental meeting rooms, leisure activities, and other services, information required to fulfill special requirements.
  9. Information required by administrative instructions, bylaws or ordinances.

5-4. Subcontractors and joint users

  1. When subcontracting the Processing of Personal Information wholly or partly, such subcontractor
  2. Partners and subcontractors of business which provides goods and service, etc. to customers such as accommodation, food and drink, and, leisure activity, etc
  3. Management companies of facilities, equipment, and system, and cooperative companies and tenants and lessees of Group facilities
  4. Travel agencies, event planning companies, carriers and other clients of relevant business
  5. Enterprises and professionals which gives professional advice regarding management and operation, etc.
  6. Other clients, partners, and mediators of KRP
  7. When jointly using Personal Information, joint user of such information
  8. Daigas Group company
  9. When providing Personal Information based on law, etc., the recipient of such information

6. Handling of personal information

6-1. Maintenance of accurate Personal Information

KRP employs appropriate measures to ensure that customer Personal Information is kept accurate and up-to-date.

6-2. Storage period of Personal Information

KRP will only store the Personal Information for the period necessary for the achievement of the purpose of use, and within a reasonable period after the expiration of the storage period, safely erase or anonymize the Personal Information.

6-3. Automated means

KRP will not make decisions only on automated means such as profiling of Personal Information.

6-4. Customers’ rights to the Personal Information

Customers have the following rights based on GDPR, etc. Customers may exercise such rights by using KRP’s website form or contacting a Group representative of Personal Information. In cases where a customer exercises such rights, except on exceptions stated in GDPR, etc., KRP will conduct an identity verification, and as a rule, contact such customer within one month after receiving the request.

  1. Right of access
    Right to obtain confirmation as to whether or not his/her Personal Information are being processed, and, where that is the case, access to such Personal Information and additional information added thereto.
  2. Right to rectification
    Right to request rectification of his/her inaccurate Personal Information.
  3. Right to erasure
    Right to request a erasure regarding the use of Personal Information in certain cases.
  4. Right to restrict the use
    Right to request a restriction regarding the use of Personal Information in certain cases.
  5. Right to lodge a complaint
    Right to lodge a complaint regarding the use of customer’s Personal Information based on Legitimate interests pursued by KRP or by a third party.
  6. Right to data portability
    Right to receive Personal Information concerning him/her, which he/she has provided to KRP, in a structured, commonly used and machine-readable format and the right to transmit such information to another controller without hindrance from KRP.

6-5. Lodging a complaint with supervisory authorities

Customers may lodge a complaint with a country, territory, international organization, or other supervisory authorities regarding the Processing by KRP of his/her Personal Information.

7. Transfers of Personal Information to third countries

We will handle the personal information acquired to perform a contract with the customer or to complete pre-contractual measures at the customer’s request within Japan. And we may transfer personal information obtained within the EU to Japan and other countries outside the EU in exceptional cases. In case of transfer to a country which lacks an adequacy decision by the European Commission, KRP will take measures of the standard data protection to lawfully transfer customer’s Personal Information.

8. Secure management of Personal Information

8-1. Compliance with relevant legislation, regulations, and guidelines

KRP complies with the GDPR as well as other relevant laws, and regulations.

8-2. Security measures

KRP makes every effort to protect customer Personal Information with preventive and security measures to protect against unauthorized access, loss, destruction, tampering, and leaks.

8-3. Organizational system

KRP has an organizational system in place for the protection of Personal Information within KRP, which includes a Personal Information Protection Officer for KRP as a whole and a Personal Information Management Officer for each division.

8-4. In-house rules for the handling and management of personal information

KRP has established rules for the handling of Personal Information, to ensure that standards for the appropriate acquisition, maintenance, use, and disposal of Personal Information are established and adhered to. KRP has also defined a code of conduct and concrete rules for the activities of those handling Personal Information, to prevent unauthorized access, loss, destruction, tampering and leaking of Personal Information.

8-5. In-house training

KRP implements staff training in relation to the protection of Personal Information and works to protect Personal Information by ensuring that the content of the training is thoroughly understood throughout KRP.

8-6. Continuous review of in-house rules relating to the handling and management of personal information

KRP continually reviews and improves its rules for the handling of Personal Information and the organizational system for implementing those rules, to ensure that their implementation continues to be effective and appropriate.

9. Revision and publication of this policy

This Personal Information Protection Policy is subject to revision at any time to respond to revisions and changes in related laws and regulations and to social needs related to Personal Information. Any revisions are published on this website without delay and the most recent revision date is clearly shown.

10. Contact for inquiries and complaints

KRP has established a center for responding to customer inquiries and complaints about the personal information obtained and held by KRP. This center responds conscientiously, efficiently, and in the appropriate scope to such inquiries/complaints after confirming the identity of the customer or the customer’s representative. Depending on the request, the response may require several days.

Contact Address
Kyoto Research Park Corporation
Administration Department
(Address)  134, Chudoji Minami-machi Shimogyo-ku Kyoto City, 600-8813,Japan

Kyoto Research Park Corporation
Enacted:2021/2/1