Privacy Policy

April 1, 2022

DGSHAPE Corporation (hereinafter referred to as “the Company”) has established the “Basic Policy on Personal Information Protection” and is committed to handling and protecting Personal Information in an appropriate manner. This Privacy Policy will be interpreted in accordance with the laws of Japan.

1. Basic Policy on Personal Information Protection

The Company will strive to protect Personal Information based on the following policies:

  1. The Company will adhere to all applicable laws, regulations, and other rules governing Personal Information protection in order to safeguard the Personal Information it handles and to respect the rights of the individual who is the subject of that Personal Information.
  2. The Company will not utilize Personal Information in a manner that encourages or induces illegal or unjust acts.
  3. The Company will acquire Personal Information in a lawful and appropriate manner.
  4. The Company will establish internal policies and procedures for the handling of Personal Information.
  5. The Company will establish an organizational structure and operational procedures to ensure that Personal Information is handled properly. Also, the Company will monitor how Personal Information is handled and will conduct periodic reviews and improvements.
  6. The Company will ensure that all employees are aware of the proper handling of Personal Information.
  7. The Company will safeguard against the loss or theft of equipment that stores Personal Information and will properly dispose of such equipment.
  8. The Company will strive to prevent Personal Information leakage, etc., by restricting access and ensuring the security of the Company’s information systems, etc.
  9. The Company will strive to comply with the personal information laws and regulations of foreign countries and implement security control measures as necessary.

2. Definition of Terms

The definitions for the terms used in this Privacy Policy are as follows:

  1. The term “Personal Information” refers to “Information Relating to a Living Individual” that can be utilized alone or in conjunction with other information to identify a specific individual or those that contain an “Individual Identification Code.”
  2. The term “Information Relating to a Living Individual” refers to all information that contains facts, judgments, or evaluations relating to a specific individual’s attributes such as body features, wealth, job type, or position, including, but not limited to, a person’s name, address, gender, date of birth, and facial image, as well as publicly accessible information, video, and audio, regardless of whether they are encrypted, etc.
  3. The term “Individual Identification Code” refers to information able to identify a specific individual, such as biometric data (DNA data, facial recognition data, iris data, voiceprint data, vein shape data, fingerprint data, etc.), passport number, basic pension number, driver’s license number, resident record code, individual number, and insurer’s number.
  4. The term “Personal Data” refers to the Personal Information comprising the “Personal Information Database, etc.” The term “Personal Information Database, etc.” refers to information that has been systematically organized so as to be able to search for a specific individual, primarily through the utilization of a computer, or through the utilization of information that is organized or categorized in paper form according to specific rules.
  5. The term “Special Care-Required Personal Information” refers to Personal Information about an individual’s race, creed, social status, medical history, criminal history, physical disability, mental disorder, health examination results, arrest records, etc. that requires special care to avoid unfair discrimination, prejudice, or other disadvantages.
  6. Personal Data “Leakage, etc.” will refer to the following situations:
    • Leakage: Unintentional leakage of Personal Data to outside parties.
    • Loss: Unintentional loss of Personal Data.
    • Damage: Personal Data is tampered with or damaged by ransomware.

3. Personal Information Handling Business Operator

Name of the Personal Information Handling Business Operator: DGSHAPE Corporation
Address: 1-1-2 Shinmiyakoda, Hamana-ku, Hamamatsu-shi, Shizuoka-ken
Name of Representative: Hisashi Bito, Representative Director and President

4. Ensuring the Accuracy of Data Content

The Company will endeavor to keep the Personal Data the Company retains accurate and up-to-date and to delete it without delay when it is no longer required for its intended use.

5. Security Control Actions for Personal Data

The Company will implement the following safeguards to ensure the secure management of Personal Data the Company retains:

  1. Establishment of Policies for the Handling of Personal Information:
    • The Company has formulated “Personal Information Protection Rules” to establish basic rules for the handling of Personal Information. The Company has also established rules governing the prevention of leaks of confidential information including Personal Information, and information security.
    • The Company has formulated rules on information security applicable to Roland DG Group to ensure common security measures for the entire Roland DG Group.
  2. Establishment of Organizational Structure and Operations:
    • The Company will appoint an Information Management Officer who will be responsible for overseeing the Company’s information management.
    • The Company will clarify the Personal Data handled by each department and the individual responsible for such data and will monitor the status of data handling on a periodic basis.
    • In the event of an incident or indication of improper handling, leakage, etc., of Personal Data, the Company will establish an organizational structure for notifying the Information Management Officer of such incidents. Additionally, the Information Management Officer will be in charge of the response and corrective actions in the event of a serious incident.
    • The Company will establish procedures for responding to incidents such as Personal Data leakage and establish a structure that ensures prompt actions to prevent the spread of such incidents and preventive actions thereafter.
    • The Company will record access logs, etc., to its information systems to enable verification of the handling of Personal Data.
  3. Adherence to the Policy by Employees:
    • The Company will make the rules known to all employees and will provide education on the handling of Personal Data on a regular basis.
  4. Prevention of Theft, etc. of Information System Equipment and Electronic Media:
    • The Company will encrypt all of its laptops’ hard drives.
    • The Company will require the Administrator’s approval before transporting laptops, USB memory sticks, etc., outside the Company.
    • Prior to disposing of any information system equipment, the Company will utilize specialized software to completely erase any remaining data.
    • The Company will securely store documents containing Personal Data in locked cabinets.
    • When disposing of documents containing Personal Data, the Company will take proper means, such as shredding.
  5. Prevention of Unauthorized Access and Personal Information Leakage, etc.:
    • The Company will identify the information system equipment, etc., that handles Personal Data and implement appropriate access control.
    • The Company will configure firewalls, etc., to block unauthorized access, and monitor for unauthorized access and malware intrusion.
    • The Company will install anti-virus software on all of its computers.
    • The Company will centrally manage the software updates of OS, etc., and ensure that they are automatically kept up-to-date.
    • The Company will implement a system that prohibits the connection of unapproved information system devices to the internal network.
  6. Understanding External Environment:
    • The company will strive to understand the laws and regulations regarding the protection of personal information in foreign countries where Roland DG Group is located and take measures as necessary.

6. Utilization Purpose of Personal Data

  • The purposes for which the Company utilizes the Personal Data it collects are as follows. However, the Company may collect Personal Data for other purposes, in which case the Company will separately notify or announce the purpose of use:
    1. To manage orders, deliver products, settle payments, respond to inquiries about orders, or engage in other duties in relation to the sale of products.
    2. To provide product maintenance and repair services and user support.
    3. To send product catalogs, materials, etc., upon request.
    4. To propose products and services, and to provide information on campaigns, events, seminars, etc.
    5. To send sweepstakes, etc., for prize competitions.
    6. To develop and improve the Company’s products and services through the collection of customer feedback, questionnaire surveys, etc.
    7. To utilize applicant information for human resource recruitment activities conducted by the Company.
    8. To utilize supplier information for material procurement and other transactions between the supplier and the Company.
    9. To respond to other inquiries, etc., received by the Company.
  • In the event the Company utilizes Personal Data obtained with the intent of using it for any of the above purposes beyond the scope of the specified purposes of use, the Company will notify the individual of the purpose of use and will obtain the individual’s consent in advance.

7. Providing Personal Data to a Third Party

The Company will not provide collected Personal Data to any third party without the individual’s consent. However, this does not apply when the handling of Personal Data is entrusted, when Personal Data is utilized jointly, when it is necessary for the protection of human life or wealth, or when required by other laws and regulations.

8. Outsourcing the Handling of Personal Data

The Company may outsource the handling of Personal Data to a third party within the scope necessary to achieve the specified utilization purposes. In such cases, the Company will take the necessary measures to ensure that the outsourced party implements appropriate security control measures.

9. Joint Utilization of Personal Data

The Company will jointly utilize Personal Data held by the Company as follows. However, there may be other instances of joint utilization, in which case the Company will separately notify the individual.

  1. Types of Personal Data to be Shared:
    • Name, company name, postal code, address, telephone number, fax number, e-mail address, purchase history, contract status, order status, payment status, gender, age, educational background, employment history.
  2. Scope of Joint Utilization:
    • Roland DG Group companies in Japan.
  3. Utilization Purpose by the Company:
    • The Company will utilize Personal Data for the purposes described in “6. Utilization Purpose of Personal Data.”
  4. Utilization Purpose by Roland DG Group companies in Japan:
    • For the group company’s sales and product development activities, the same will apply as described in (1), (2), (3), (4), and (6) of “6. Utilization Purpose of Personal Data.”
    • For the group company’s recruitment, the same will apply as described in (7) of “6. Utilization Purpose of Personal Data.”
    • For the group company’s procurement, etc., the same will apply as described in (8) of “6. Utilization Purpose of Personal Data.”
    • For the group company’s improvement of services and related business operations, the same will apply as described in “6. Utilization Purpose of Personal Data.”
  5. Responsible Party for the Joint Utilization of Personal Data:
    • The party as described in “3. Personal Information Handling Business Operator.”

10. Utilization of Cookies, etc.

The Company may automatically collect the customers’ data when they visit the Company’s website. The data collected includes that which is necessary for the Company to operate its website, such as its online shop, and that which is useful for improving the Company’s website, such as customer visit history. Generally, this information is not personally identifiable and therefore does not constitute “Personal Data.” The website visit history, etc. may be provided to other companies as “Third Party Cookies.” The third party that receives such information may be able to identify a specific individual by collating it with other information, in which case it becomes “Personal Data.” In order to provide such information which can be deemed as “Personal Data” to a third party, the third party must obtain the consent of the individual. The Company will not provide this information to other companies unless this consent is confirmed.

11. Information Disclosure, Correction, Cessation of Use, etc.

The individual who is the subject of the Personal Data held by the Company has the right to make the following requests to the Company with respect to that Personal Data:

  • The right to request disclosure or correction of Personal Data (including the addition or deletion of part of the data) and disclosure of records that the Company has provided to a third party.
  • The right to request that the use of the Personal Data be ceased or that it itself be erased if it falls under any of each following item.
    1. When Personal Data was handled beyond the scope of the specified purposes, without the legally prescribed individual’s consent.
    2. When Personal Data was utilized inappropriately.
    3. When Personal Information has been obtained by improper means.
    4. When the Personal Data is Special Care-Required Personal Information and was obtained without the legally prescribed individual’s consent.
    5. When the Company no longer requires the Personal Data for its intended purposes.
    6. When the Personal Data was leaked, etc.
    7. When the handling of Personal Data may harm the rights or legitimate interests of the
      individual.
  • The right to request that the Company cease providing Personal Data to a third party if the Personal Data falls under any of each following item:
    1. When Personal Data was provided to a third party without the legally prescribed individual’s consent.
    2. When the Company no longer requires the Personal Data for its intended purposes.
    3. When the Personal Data was leaked, etc.
    4. When the handling of Personal Data may harm the rights or legitimate interests of the individual.

If you wish to make any of these requests, please contact us by e-mail at the address listed in “16. Contact for Requests for Disclosure, etc., Inquiries, and Complaints” with the specific details of your request.
The Company will take appropriate actions after verifying that the request was made by the said individual. When a high volume of paper documents must be sent or when the electronic media to be provided is costly, etc., the individual may be charged the actual cost.

12. Response to Personal Data Leakage, etc.

In the event that a leakage, etc., of Personal Data the Company retains, has occurred or is likely to occur, the Company will immediately take measures to contain the damage, investigate the facts, identify the cause, identify the scope of the impact, and take preventative measures.

Additionally, in the event of a leakage, etc., of Special Care-Required Personal Information or a case that poses a significant risk of harm to an individual’s rights or interests, the Company will notify the Personal Information Protection Commission and the individual whose Personal Data was leaked, etc.

13. Protection of Personal Information on Linked Websites

The Company’s website may contain links to third-party websites. While the Company takes reasonable precautions to ensure that these links are not malicious, they are not part of the Company’s website and will thus be treated differently than the Company’s website under this Privacy Policy. Please check the privacy policy of the linked website regarding the protection of personal information on that website.

14. Changes to This Privacy Policy

The Company may amend this Privacy Policy in response to changes in applicable laws and regulations, etc., and changes in the Company’s policies. Please check the date at the beginning of this Privacy Policy to see if any changes have been made.

15. Jurisdiction

The court of first instance for all disputes related to this Privacy Policy will be the court of exclusive jurisdiction over the location of the head office of the Company.

16. Contact for Requests for Disclosure, etc., Inquiries, and Complaints

The Company has established a point of contact for all inquiries regarding Personal Information. If you have any questions or complaints about the Company’s handling of Personal Information, or if you wish to make a request for any of the items listed in “11. Information Disclosure, Correction, Cessation of Use, etc.,” please contact us by e-mail at the following address:

Contact for Personal Information
Email address: dgs-marketing@dgshape.com