Privacy Notice

 1. What Is Personal Data?

For the purposes of this Privacy Notice, “Personal Data” consists of any information that relates to an identified or identifiable individual (such as you). For example, information which identifies you may consist of your name, address, telephone number, payment details, a specific Alliance product/device identification number that you purchased, location data, an online identifier (e.g. cookies and your IP address). Information which does not identify you on its own but that we link to you also qualifies as Personal Data.

 2. What Personal Data Do We Collect About You?

A. Personal Data you provide directly about yourself

Although you can use some of our Services without providing your Personal Data, the Service which are accessible using your Membership require the collection and processing of your Personal Data. You can choose whether or not to create a Membership and provide your Personal Data for that purpose, but you may not be able to access our full Services if you choose not to do so.

We have detailed below the circumstances where we collect your Personal Data in relation to your visit Website and the Membership.

I. When you apply for a Membership
When you apply for a Membership on Website to use the Services and/or their functions, we ask you to provide the following categories of Personal Data:

･your country of residence;
･your name and surname;
･your job title;
･your telephone number;
･your email address;
･your company information:

company name
address of company headquarters
name and title of company representative
business activities and
website address; and

･your password

II. When you receive your Membership Service to access one of our Services
You will be prompted to enter (i) your email address and (ii) password each time you wish to log in to Website or access a Service using your Membership.

III. When you communicate with us
If you contact us to exercise your rights under the GDPR or make inquiry about this Privacy Notice, we may ask you to provide certain additional information, including your Membership.

B. Information about your use of the Services

In addition to the information that you provide, we automatically collect information when you access the Services via your Membership and how you use them. For example, when you use the Services, we may automatically collect certain information from you such as IP address, unique device identifier, device configurations and device, our Services usage data (however we do not collect data on what you do on such Services). Please review the respective privacy policies in relation to each of our Services which you access using your ID for Membership.

 3. On Which Legal Basis Do We Process Personal Data?

We are not allowed to process Personal Data if we cannot rely on a valid legal ground. Therefore, we will only process your Personal Data when:

I. the processing is necessary to perform our contractual obligations towards you pursuant to the Terms of Use of Membership;

II. the processing is necessary to comply with our legal or regulatory obligations;

or
III. the processing is necessary for our legitimate interests except where they are overridden by your interests or fundamental rights and freedoms. Examples of such ‘legitimate interests’ include:

1) to protect the security of our IT systems, architecture and networks;
2) to meet our corporate and social responsibility objectives.

 4. How Do We Deal With Children’s Personal Data?

For cases other than where GDPR applies as specified in the second paragraph in this Clause:
You have to be 13 years or older to apply for a Membership. We do not solicit or knowingly collect Personal Data from or about children under the age of 13 without the consent of a parent or guardian. If we nevertheless become aware that Personal Data that relates to children under the age of 13 has been submitted to us without the consent of a parent or guardian, we will delete such information from our systems as quickly as possible or, where deletion is not possible, we will ensure that the Personal Data is not used for any purpose or disclosed to any third party.

In case where GDPR applies:
You have to be 16 years or older to apply for a Membership. We do not solicit or knowingly collect Personal Data from or about children under the age of 16 without the consent of a parent or guardian. If we nevertheless become aware that Personal Data that relates to children under the age of 16 has been submitted to us without the consent of a parent or guardian, we will delete such information from our systems as quickly as possible or, where deletion is not possible, we will ensure that the Personal Data is not used for any purpose or disclosed to any third party.

 5. Why Do We Use Your Personal Data?

We will use your Personal Data for the following purposes:

I. Acceptance of an application and screening － to proceed our screening processes, and, if your application gets through such screening processes, to offer the Membership and to enable you to obtain information relating to or to enjoy the Services on our websites or by way of communications otherwise, and to enable you to log in to such website using your Membership ID;

II. Provide the Services － to provide the Services which you access via your Membership and enable us to fulfil our obligations under our contract with you, namely the Terms of Use of Membership;

III. Proof of identity － to identify you when you login to the relevant Services with your Membership ID or when you communicate with us.;

IV. Statistics － to create anonymous, aggregated statistics about the use of Membership and the related Services. This anonymised data may be shared with third parties;

V. Customer Support Services － to provide customer support services for the Mermbership and the related Services, or to deal with any other support queries you may have (such as complaint handling);

VI. Security － to protect our customers (e.g. to prevent spam or attempts to defraud users of our service); to operate and maintain the security of the Membership system and the related Services (e.g. to prevent or stop an attack on our systems or networks); or to protect our rights or property, including enforcing the Terms of Use governing the use of your Membership or the related Services;

VII. Updates － to communicate with you, including communicating with you about your Membership or transactions with us, to give you important information about your use of Membership; and to provide the latest version of this Privacy Notice; and

 6. How Long Do We Store Your Personal Data?

We will retain your Personal Data (A) for up to 5 years following the collection of the Personal Data for the purposes as outlined in this Privacy Notice, or (B) for up to one year after you terminate the use of Membership, whichever is longer.
When your Personal Data is no longer required for the purpose for which it was collected or as required by applicable law, it will be deleted in accordance with applicable law.

 7. To Whom And Where Do We Disclose Your Personal Data?

A. Third parties recipient of the Personal Data

We may disclose your Personal Data to third parties listed in this Section 7 to achieve the purposes described in this Privacy Notice. We require these third parties to take steps to maintain the confidentiality of any Personal Data they may receive from us to perform their tasks, consistent with our Privacy Notice, and we require them not to use this information for any other purpose. We may disclose your information as follows:

I. Nessum Alliance Affiliates
We may need to transfer your Personal Data to other Alliance Affiliates (the “Affiliates”) to enable you to create an Membership ID or use your Alliance ID to access any Service/assistance. All Affiliates are required to follow the privacy related rules set forth in this Privacy Notice. “Affiliates” means any corporate entity that is directly or indirectly controlled by the Alliance.

II. Service Providers
We share Personal Data about you with third party service providers solely for the purpose of enabling them to perform services on our behalf that are related to the Alliance ID and provided they operate in compliance with our instructions.
Examples of such third party service providers are:
･service providers who provide us with data hosting services to store data in relation to your Alliance ID or in relation to the Services accessed via your Alliance ID; and
･service providers who provide us with maintenance services for the Alliance ID and the Services access via your Alliance ID.

III. Third parties when required by law or to protect the ServicesWe will disclose your Personal Data as required by the laws of the European Union and of its Member States, such as in response to an order from a court, public authority or competent regulator of the European Union or one of its Member States.

IV. Third parties when required by law outside of EU or protect the Services
We will disclose your Personal Data in connection with legal requirements, such as in response to an authorized subpoena, governmental request or investigation, or as otherwise required by law, in full compliance with all applicable laws (including without limitation the GDPR).

V. Other parties in connection with corporate transactions
As our business develops, we may sell, buy, or transfer corporate assets. In such transactions, customer information, including your Personal Data, can be part of the transferred business assets to the extent permitted by applicable law. Also, in the event that we, the Alliance ID, the Service, or substantially all of our assets are acquired, your Personal Data will be one of the assets transferred in such acquisition to the acquiring company.

VI. Third parties to which you agreed to disclose your Personal Data
With your consent or upon your request, we may also disclose your Personal Data to other third parties.

B. International Transfer of Personal Data

The Personal Data that we collect from you may be stored and processed in your region, or transferred to, stored at or otherwise processed outside your country of residence, including, in respect of residents of a country within the European Economic Area (the “EEA”), to a country outside the EEA including but not limited to Japan or in any other country which does not offer an adequate level of data protection as recognised by the European Commission and where we or our affiliates or service providers, maintain facilities. Your Personal Data may also be processed by staff operating inside or outside your country of residence, including staff located outside of the EEA, who work for us or for one of our suppliers or service providers.
Where we transfer your Personal Data outside the EEA, we will ensure that suitable safeguards are in place to help ensure that our third party service providers provide an adequate level of protection to your Personal Data. For the processing of your Personal Data in relation to your use of your Membership, we have put in place an appropriate transfer agreement incorporating the Standard Contractual Clauses approved by the European Commission. You may request additional information in this respect and obtain a copy of the relevant safeguards upon request through sending a request to the contact indicated in section 11 below.

 8. What Do We Do To Keep Your Personal Data Secure?

A. General

The Alliance has put in place appropriate technical and organisational measures to safeguard the Personal Data we collect in connection with your Membership and the Services. These measures take into account:

 I. the state of the art of the technology;
II. the costs of its implementation;
III. the nature of the data; and
IV. the risk of the processing.

The purpose thereof is to protect against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and against other unlawful forms of processing.

However, please note that although we take appropriate steps to protect your Personal Data, no website, product, device, online application or transmission of data, computer system or wireless connection is completely secure and therefore we cannot guarantee the security of your Personal Data.

B. Security of storage

All Personal Data you provide to us is stored on our secured servers. You are responsible for keeping the password of your Membership confidential and we ask you not to share it with anyone.

C. Other security measures

Information security, including the protection of Personal Data is organized in the Alliance called “Information Security Management” (ISM). The related aim, standards and implementation measures are organized in globally valid policy, standards and guidelines. The IT systems which deal with your Membership information are externally assessed and fall under the information security management rules applicable under the ISO 27001 certification. The program in all its parts follow a strong yearly PDCA (Plan-Do-Check-Act) approach to secure the confidentiality, integrity and availability of all data (including your Personal Data) for the whole information lifecycle from collection to destruction of such data.

 9. Cookies And Similar Technology

A. What are cookies?

The Alliance may use cookies and other technologies in certain areas of the Service. Cookies are small text files which may be placed on your device when visiting Website. It can be read by the web server which put the cookie on your hard drive. We may use cookies to store your settings, help you with signing in, and to analyze your browsing experience on Website.
Please note that you can modify your browser so that it notifies you when cookies are sent to it. If you do not want to receive cookies, you may also refuse cookies altogether by activating the relevant settings on your browser. Please note that if you choose to refuse all the cookies, some features of our Services may not be accessible to you or not work properly. Finally, you can also delete cookies that have already been sent.

B. Further information on cookies

For further information on cookies and how Nessum Alliance Office and other third parties use them, and for details of how cookies can be disabled, please see our Cookie Policy.