Website Privacy Policy
Introduction
Nakagawa Corporation (hereinafter referred to as “the Company”) recognizes the importance of protecting personal information in the advanced information and
telecommunications society and considers the proper management and operation of such information to be a social responsibility of the Company.
Based on the Company’s Personal Data Protection Policy, the Company hereby establishes the following Privacy Policy for this website operated by the Company.
This Policy applies not only to customers in Japan but also to visitors worldwide, including residents of the European Economic Area (EEA) who are subject to
the EU General Data Protection Regulation (GDPR). In accordance with this Privacy Policy, we will handle the personal information of customers and all other visitors to this website and
strive to manage and operate this website so that customers may use our services with confidence.
By providing personal information through this website, you are deemed to have agreed to this Policy.
However, if specific pages or contracts stipulate provisions that differ from this Policy, such provisions shall prevail.
1. Definitions
Personal Data:
Information relating to a living individual that can identify a specific individual by name, date of birth, or other descriptions.
This includes numbers, symbols, or other identifiers assigned to an individual, images, voice data, and online identifiers such as IP addresses and cookies.
Controller:
The legal entity that determines the purposes and means of processing personal data. The Controller of this website is Nakagawa Corporation.
Data Subject:
A specific individual whose personal data is processed by the Company (e.g., website visitors, customers, job applicants).
Processing:
Any operation performed on personal data, including collection, recording, storage, reference, use, disclosure, restriction, and deletion.
2. Compliance with Laws and Regulations
The Company complies with the Act on the Protection of Personal Information of Japan (APPI), the EU General Data Protection Regulation (GDPR), and other relevant laws, regulations, standards
(including JNSA guidelines), and applicable guidelines.
3. Legal Basis for Processing
The Company processes personal data only where one of the following legal bases applies:
・Consent: Where the data subject has given clear consent for specific purposes.
・Contract: Where processing is necessary for the conclusion or performance of a contract with the data subject.
・ Legal Obligation: Where processing is necessary to comply with legal obligations (such as tax or labor laws).
・ Legitimate Interests: Where processing is necessary for the Company’s legitimate business interests (such as maintaining website security or improving services),
provided that such interests do not override the fundamental rights of the data subject.
4. Acquisition of Personal Data
The Company acquires personal information by lawful and fair means, without deception or other improper methods.
When collecting personal information, the Company clearly specifies the purpose of use and acquires only the information necessary to achieve such purpose.
If information beyond the stated purpose is included, the Company will, in principle, refuse to accept it or appropriately handle only the necessary portion
5. Use of Personal Data
The Company uses personal information only within the scope of the stated purposes.
If personal information is to be used beyond such scope, the Company will obtain prior consent from the data subject.
For the purpose of business operations, the Company may entrust the handling of personal data to cooperating companies (data processors),
such as IT service providers or logistics partners, under appropriate supervision.
6. Internal Regulations Regarding Personal Information
The Company establishes internal regulations and necessary operational rules concerning the handling of personal and corporate information and information systems.
The Company provides education and training to all employees regarding personal information protection and ensures thorough awareness of such policies.
The Company appoints information management officers in each department and maintains an organizational structure to ensure compliance with personal information protection and
the protection of corporate information necessary for business operations.
7. Provision of Personal Data to Third Parties
The Company does not provide or disclose personal information to third parties except in the following cases:
・With the consent of the Data Subjec
・When outsourcing within the scope necessary to achieve legitimate purposes (e.g., delivery companies, IT service providers)
・When processed into statistical data that does not identify individuals
・When disclosure is required by law
8. International Transfer of Personal Data
The Company is based in Japan. Personal data provided from outside Japan will be transferred to and stored on servers located in Japan.
Notice to EEA Residents:
The European Commission has adopted an adequacy decision recognizing that Japan provides a level of data protection equivalent to that of the GDPR.
This means that your personal data will be protected to a high standard equivalent to that within the EEA.
9. Technical and organizational Security Measures
The Company implements reasonable and appropriate organizational and technical security measures—such as firewalls, access restrictions, and internal access controls—
to prevent unauthorized access, destruction, loss, alteration, or leakage of personal data.
10. Rights of Data Subjects
Data subjects have the following rights regarding their personal data:
・Right of Access: The right to confirm the content of their personal data.
・Right to Rectification and Erasure: The right to request correction of inaccurate data or deletion of data (“right to be forgotten”).
・Right to Restriction and Objection: The right to request restriction of processing or to object to processing based on legitimate interests.
・Right to Data Portability: The right to receive personal data in a structured, commonly used, machine-readable format.
・Right to Lodge a Complaint: The right to lodge a complaint with a national data protection authority.
11. Procedures for Disclosure, Correction, and Deletion
If you wish to inquire about, correct, or delete personal information processed and stored by the Company, please contact the “Comprehensive Personal Information Desk” listed below.
Students who applied through the Company’s recruitment page will be handled according to the procedures specified in the recruitment information.
Business partners who have provided personal information for business purposes will be given priority handling through the designated procedures of the responsible department.
Application Procedure:
Please contact the “Comprehensive Personal Information Desk,” complete the prescribed application form, and submit it together with official identification
(such as a copy of a residence certificate or driver’s license). The Company will verify the identity of the applicant.
Disclosure to the Data Subject:
Upon receipt of the application form, the Company will, in principle, respond within three weeks in writing or by electronic file.
The response will be sent to the address stated on the official identification and addressed to the data subject.
Disclaimer Regarding Authority:
If the personal information in question was entrusted to the Company by a client for business purposes and the Company does not have authority over its handling,
the Company may be unable to accept the request.
12. Google Analytics and Cookies
This website uses Google Analytics to analyze website usage.
Cookies are used to collect access logs, but no personally identifiable information is obtained.
The collected logs are managed in accordance with Google’s Privacy Policy. You may refuse the use of cookies through your browser settings or add-ons.
13. Use of SSL (Encrypted Communication)
To ensure secure communication, this website uses SSL (Secure Socket Layer) encryption to prevent leakage or alteration due to unauthorized external access.
14. Disclaimer and Scope of Responsibility
The Company is not responsible for the handling of personal information on third-party websites linked from this website.
15. Contact Information (General Personal Data Desk)
For inquiries regarding this Policy or to exercise your rights, please contact.
General Personal Data Desk
Address: 1-29-7 Yanagibashi, Taito-ku, Tokyo 111-0052, Japan,
Nakagawa Coporation, General Affairs Department
Telephone and fax contacts:
Tel: 03-3861-2111, Fax: 03-3861-9156
Email address: private-policy@nakagawa-tokyo.co.jp
The Company will endeavor to maintain and operate its personal information protection system in accordance with this Privacy Policy.
This Privacy Policy will be reviewed and improved as necessary. Please check the latest version.
Date: 1st April, 2026
Nakagawa Coporation
President and CEO: Takeyuki Nakagawa
