Last updated:
1. Introduction
Technica Zen Co., Ltd. (“Technica Zen,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Notice explains how we collect, use, disclose, and safeguard your personal data when you interact with our website, use our services, or work with us. It also sets out your rights regarding your personal data and how you can contact us about our privacy practices.
This Privacy Notice applies to all personal data processed by Technica Zen in its role as a data controller, including personal data from customers, prospects, business partners, employees, contractors, candidates, and website visitors (“you”), regardless of your country of residence.
For the purposes of this Privacy Notice:
- Personal Data means any information relating to an identified or identifiable individual.
- Processing of Personal Data refers to any operation performed on personal data, whether or not by automated means, such as obtaining, recording, using, consulting, modifying, storing, restricting, disposing of, erasing, disclosing, aggregating, anonymizing, or de‑identifying personal data.
- Controller of Personal Data means the entity that determines the purposes and means of processing personal data, in this case, Technica Zen Co., Ltd.
2. Identity and contact details of the data controller
The data controller responsible for the processing of your personal data is:
Technica Zen Co., Ltd., Head Office
| Representative Director | Takaya Terakawa |
|---|---|
| privacy[at]technica‑zen.com (replace “[at]” with “@”) | |
| Address | 205, Iwasono‑cho 23‑45, Ashiya City, Hyogo 659‑0013, Japan |
3. Categories of personal data we collect, purposes of processing and legal basis
We may collect the following categories of personal data directly from you:
|
Categories of personal data |
Purposes of processing |
Legal basis(where applicable) |
|---|---|---|
|
Identification data (e.g. name, username, contact details, date of birth, place of residence) |
Managing (pre)contractual relationships with customers and prospects and providing consulting services (including via partners) |
Performance of a contract If the consulting services are provided jointly with our partners, we will share your personal data with them only with your consent. |
|
Marketing communications |
Consent |
|
|
Granting access to our membership website and conducting interviews and surveys |
Consent |
|
|
Managing training registrations (IAPP/PECB) and delivering the corresponding training programs |
Consent |
|
|
Handling payments and invoicing |
Compliance with a legal obligation
Consent |
|
|
Referring to our partners |
Consent |
|
|
Handling joint project collaboration with our partners |
Performance of a contract |
|
|
Recruitment evaluation and candidate selection |
Performance of a contract |
|
|
Granting employees access to internal systems and websites |
Our legitimate interests in granting employees access to internal systems and websites necessary for their job duties.
|
|
|
Payroll and tax processing |
-Performance of a contract -Compliance with a legal obligation |
|
|
HR operations (onboarding, contract management, personnel file administration) |
-Performance of a contract -Compliance with a legal obligation |
|
|
Responding to website inquiries |
Our legitimate interests in responding to inquiries you submit via our website
Consent |
|
|
Professional data (e.g. employer, department, job title) |
Managing (pre)contractual relationships with customers and prospects and providing consulting services (including via partners) |
Performance of a contract If the consulting services are provided jointly with our partners, we will share your personal data with them only with your consent. |
|
Handling payments and invoicing |
Compliance with a legal obligation
Consent |
|
|
Handling joint project collaboration with our partners |
Performance of a contract |
|
|
Recruitment evaluation and candidate selection |
Performance of a contract |
|
|
Payroll and tax processing |
-Performance of a contract -Compliance with a legal obligation |
|
|
HR operations (onboarding, contract management, personnel file administration) |
-Performance of a contract -Compliance with a legal obligation |
|
|
Responding to website inquiries |
Our legitimate interests in responding to inquiries you submit via our website
Consent |
|
|
Recruitment data (e.g. CVs, cover letters, employment history, qualifications, references, and other personal information voluntary entered by the candidate) |
Recruitment evaluation and candidate selection |
The processing is necessary for entering into, or performance of a contract to which you are party
|
|
Financial and transaction data (e.g. payment details, billing information) |
Handling payments and invoicing |
Compliance with a legal obligation
Consent |
|
Tax and payroll data (e.g. salary, social security number, family information, commuting method) |
Payroll and tax processing |
Compliance with a legal obligation |
|
HR operations (onboarding, contract management, personnel file administration) |
-Performance of a contract -Compliance with a legal obligation |
|
|
Attendance data |
Managing employee attendance |
-Performance of a contract -Compliance with a legal obligation |
|
User activity logs information |
Monitoring system security and integrity |
Our legitimate interests in continuously ensuring the protection and reliable operation of our IT systems |
|
Other information you choose to provide |
Responding to website inquiries |
Our legitimate interests in responding to inquiries you submit via our website
Consent |
We may process your personal data where necessary to comply with legal obligations or in our legitimate interests, including for the purposes of responding to judicial proceedings, law enforcement requests, or inquiries from governmental authorities.
We may collect certain categories of personal data about you through automated technologies such as internet or other electronic network activity information, cookies, and web beacons. These may include:
- Technical data (e.g., IP address, device details, operating system, browser type)
- Usage data (e.g., interactions with our website, pages viewed, time spent on pages, and service usage statistics)
We use this information, with your consent, to:
- Measure the effectiveness and open rate of our newsletters;
- Analyze and improve the performance, functionality, and user experience of our website.
4. Data retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Notice and to comply with applicable legal and regulatory requirements.
To ensure transparency, we set specific retention periods depending on the purpose for which it was collected. These retention periods are outlined in the table below. Once a retention period expires, or if the data is no longer required for the stated purpose, we will securely delete, or anonymize your personal data, unless a longer retention period is required by law.
|
Purpose of processing |
Data retention period |
|---|---|
|
(Pre)contractual relationships with customers and prospects and consulting services (including via partners) |
Customers: duration of contract + 2 years from last contact Prospects: 2 years from last contact Joint projects with our partners: during the joint project and as long as the customer wishes to maintain business relations |
|
Marketing communications |
2 years from last contact or until consent withdrawn |
|
Membership website access, interviews, and surveys |
Until deletion of the account |
|
Training registrations and delivery (IAPP/PECB) |
Until the end of training |
|
Payments and invoicing |
During the contractual relationship |
|
Referrals to partners |
2 years from last contact or until consent withdrawn |
|
Joint project collaboration with our partners |
Duration of contract + 2 years from last contact |
|
Recruitment management |
Rejected applications: deleted within 2 weeks of selection Selected applications: 5 years after retirement |
|
Internal systems and employee access
|
Duration of employment |
|
Employee attendance management |
5 years after retirement |
|
Payroll and tax processing |
5 years after retirement |
|
HR operations (onboarding, contract management, personnel file administration) |
5 years after retirement |
|
System security and integrity monitoring |
Logs: 90 days; up to 2 years depending on the system |
|
Website analysis and improvement |
2 months |
|
Website inquiries |
2 years from last contact |
5. Data sharing
We may share your personal data with the following categories of recipients:
Trusted service providers and other third parties
We engage carefully selected service providers to support us in delivering our services, such as IT security providers, cloud computing providers, SaaS solutions, consultants, lawyers, accountants, and other professional advisers who assist with business operations, contractual arrangements, or tax obligations. We may also share personal data with payment service providers and financial institutions to process transactions, with training or certification bodies to manage registrations and issue certifications.
These providers are contractually required to implement appropriate confidentiality, privacy, and security measures and promptly notify us in case of any data breach. In addition to these measures, we apply internal policies and procedures designed to ensure that personal data sharing with third parties is kept to the minimum necessary to achieve the stated purposes.
Business partners
In some cases, we may provide services together with selected business partners (please see the list here). Where personal data needs to be shared for such joint activities, we will ensure that:
- you are informed in advance and, we do not share your personal data with partners for their independent use without your prior consent;
- appropriate contractual and organizational safeguards are implemented to protect your personal data.
Regulatory authorities, courts, and law enforcement
Where disclosure is legally required in order to comply with applicable laws, or regulations.
Other third parties in the event of corporate transactions
If our business undergoes a significant change, such as a merger, acquisition, reorganization, bankruptcy, dissolution, or the sale of all or part of our assets or shares, your personal data may be transferred as part of the transaction. In such cases, we will ensure that:
– the recipient is bound by appropriate confidentiality and data protection obligations;
– you are informed of any material changes in the way your personal data is processed as a result of the transaction.
6. Cross border data transfer
While the primary processing of your personal data takes place in Japan, some of our service providers and business partners may process personal data in other countries. These may include countries that do not provide the same level of data protection as Japan (for example, the United States or Canada).
In such cases, we ensure that your personal data is protected in accordance with this Privacy Notice and applicable legal requirements. This includes requiring our overseas service providers and partners to apply privacy and security measures equivalent to those required under the Act on the Protection of Personal Information (APPI).
When transferring your personal data to a foreign country, we will inform you of:
- the name of the country concerned,
- the data protection framework applicable in that country, and
- the safeguards we have applied to ensure the protection of your personal data.
You may request additional information on these safeguards at any time by contacting us (see the “Contact us” section below).
Where your consent is required for an overseas transfer, we will provide you with clear information on the risks involved if the destination country does not have a data protection regime equivalent to that of Japan.
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we transfer your personal data based on:
- Adequacy decisions issued by the European Commission or other competent authorities,
- Standard Contractual Clauses approved by relevant authorities, or
- Other legally recognized data transfer mechanisms, as required under applicable data protection laws.
7. Data security
We are committed to safeguarding your personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. To achieve this, we implement a combination of technical, organizational, and administrative measures, as defined below.
Governance and policies
As a privacy, security, and governance consulting firm, we apply our expertise internally. We maintain a comprehensive Privacy Policy and an Information Security Policy that define how personal data and information assets are handled throughout their lifecycle. Our internal rules cover the collection, use, provision, storage, deletion, and disposal of personal data.
Organizational controls
- Processing responsibilities and scope are clearly defined, and data processing occurs only after approval by the responsible person.
- Regular training foster a strong culture of privacy awareness and compliance.
- Vendors and business partners are subject to pre‑evaluation and continuous monitoring to ensure compliance with our privacy and security standards.
Personnel measures
- All employees receive training on data protection upon joining and at least annually thereafter.
- Daily discussions reinforce awareness of data privacy obligations.
- Every employee signs a confidentiality and non‑disclosure agreement (NDA) that includes clauses on personal data protection.
Physical security
- Access to our premises is strictly limited to authorized personnel.
- Use of removable storage media is prohibited.
- Company files can only be accessed from authorized, encrypted devices.
- Personal data on physical and electronic media is irreversibly deleted or destroyed when no longer needed.
Technical safeguards
We maintain a comprehensive information security framework, including:
- VPN environment and SSL communication for secure data transmission;
- Strict access management and role‑based permissions;
- Password management software and mandatory multi‑factor authentication;
- Endpoint security management and installation of antivirus software;
- Encryption and key management for data protection;
- System usage approval system to control internal access;
- Implementation of regular backups to prevent data loss.
Ongoing risk management
- Information assets, including personal data, are classified according to risk, with tailored security measures applied to each classification.
- We continuously monitor changes in data protection and cybersecurity laws worldwide through our membership‑based privacy network and collaboration with international experts.
- Our internal policies and procedures are regularly updated to reflect evolving risks and regulatory requirements.
8. Your rights
Depending on your place of residence, you may have certain rights in relation to your personal data. These may include the right to:
- Access your personal data and obtain a copy;
- Correct inaccurate or incomplete personal data;
- Request deletion of your personal data, where applicable;
- Restrict or object to the processing of your personal data;
- Receive your data in a portable format (data portability, where legally applicable);
- Withdraw your consent at any time, where processing is based on consent;
- Lodge a complaint with a competent supervisory authority if you believe your rights have been infringed.
If you live in Japan, you may also have the right to:
- Request suspension of use of your personal data;
- Request deletion or cessation of disclosure to third parties of your personal data, where certain conditions are met;
- Request disclosure of records of transfers of your personal data to third parties;
- Request notification of the purposes of use of your personal data.
How to exercise your rights
You may exercise your rights at any time by contacting us as described in the Contact Us section below.
- We will verify your identity or the authority of your representative before processing your request. Depending on the content, we may require you to complete a designated application form.
- We will respond to your request without undue delay and, in principle, within one month of receipt, in accordance with applicable data protection laws.
- Our response will be provided through a method agreed with you, including electronic means.
- Requests are free of charge unless they are excessive or manifestly unfounded. In such cases, we may charge a reasonable fee or refuse to act.
Limitations and exceptions
In certain circumstances, we may not be able to fulfill your request, including when:
- responding could harm the rights, freedoms, or safety of you or a third party;
- fulfilling the request would infringe on our own rights or legitimate interests;
- disclosure would violate laws or regulations; or
- special procedures are prescribed by applicable law.
Any personal data collected in connection with a rights request will be used only to process that request and will be securely deleted once the process is complete.
Complaints
Japan
If you are not satisfied with our response after contacting us, you may file a complaint or inquiry with the Personal Information Protection Commission (PPC):
- Website: https://www.ppc.go.jp/
- Consultation Hotline: https://www.ppc.go.jp/personalinfo/pipldial
- Phone: +81‑3‑6457‑9849
- Hours: 9:30 – 17:30 (excluding weekends, national holidays, and New Year holidays)
European Economic Area (EEA), United Kingdom, and Switzerland
If you are located in the EEA, the UK, or Switzerland, you may lodge a complaint with your local supervisory authority.
- A full list of EEA authorities is available here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en
- United Kingdom: ICO – https://ico.org.uk/
- Switzerland: FDPIC – https://www.edoeb.admin.ch/en
9. Automated decision-making, including profiling
We do not use personal data for automated decision-making, including profiling, that produces legal or similarly significant effects on individuals, without providing appropriate safeguards.
10. Contact us
If you have any questions or concerns about this Privacy Policy or how we handle your personal data, please contact us at:
Technica Zen Co., Ltd.
| privacy[at]technica‑zen.com (replace “[at]” with “@”) | |
| Address | 23‑45‑205, Iwazono‑cho, Ashiya‑shi, Hyogo 659‑0013, Japan |
General inquiries should go via the “Contact Us” page on our website.
