• TOP
  • Privacy Policy

GDPR Privacy Policy

Privacy Policy for GDPR/UK GDPR

Last Updated: September 25, 2025

Plantec, Inc. (hereinafter referred to as “the Company”) recognizes that the protection of personal data is a significant social responsibility. We are committed to handling your personal data appropriately in accordance with applicable laws and regulations, including the EU General Data Protection Regulation (GDPR).

1. Scope of This Policy

This Privacy Policy applies exclusively to the processing of personal data subject to the GDPR, the UK GDPR, and other privacy-related regulations of the European Economic Area (EEA) and the United Kingdom.

2. Definition of Personal Data and Responsibility

“Personal Data” means any information relating to an identified or identifiable natural person, such as name, date of birth, address, telephone number, and email address.
Data Controller: The Company acts as the Data Controller for the processing of personal data concerning customers. The Company generally does not process personal data on behalf of third parties.
Provision of Data: Unless required by local regulations or for compliance with legal obligations, you are generally not required to provide personal data to the Company. However, please note that if you choose not to provide certain data, you may not be able to use some of the Company’s services.

While the Company does not identify individual users during general browsing of this website, users may choose to provide Personal Data that directly or indirectly identifies them in order to access certain services. In such cases, the Company may collect and process such Personal Data accordingly.

3. Personal Data to be Collected and Purposes of Use

The Company collects personal data based on the following categories and processes it for the respective purposes based on the legal grounds specified below. As a rule, the Company does not collect sensitive personal data unless required by applicable law. Furthermore, we do not intentionally collect personal data directly from minors. Minors are requested to provide personal data only after obtaining consent from a parent or guardian.

(1) Personal Data of Officers and Employees of Customers and Business Partners (Corporations/Organizations)

Data Collected:

Name, department, job title, company address, telephone number, email address, business card information, etc.

Purposes of Use:

  • Performance of operations related to the provision, implementation, and maintenance of the Company’s services (including the performance of contracts).
  • Provision of information regarding the Company’s services, responding to requests for materials, or requesting cooperation for surveys, etc.
  • Information, registration, and operation of seminars, events, and exhibitions hosted or co-hosted by the Company.
  • Responding to and recording inquiries, requests, complaints, etc.
  • The Company’s public relations activities (e.g., interview requests), sending records of introductions, and contacting for case study creation.
  • Performance of tasks incidental or related to the above purposes.

Legal Basis:

a. To perform a contract with the customer

b. The Company’s legitimate interests in conducting the Company’s normal business operations (such as confirming and responding to communications or inquiries sent to the Company) or the consent of the customer.

c. The Company’s legitimate interests in sending information about our products or services purchased, used, or requested by the customer.

(2) Personal Data of Applicants for Recruitment and Hiring Activities

Data Collected:

Name, date of birth, educational background, work history, contact information (address, phone number, email address), etc.

Purposes of Use:

  • Provision of information to applicants, selection, notification of results, and other operations related to recruitment and hiring activities.
  • Basic documentation for personnel management after hiring.

Legal Basis:

a. To consider or prepare for entering into an employment contract with the applicant.

b. The Company’s legitimate interests in maintaining our social reputation as a premier employer or the consent of the applicant.

c. When necessary to comply with obligations under labor and social security laws.

(3) Personal Data of Employees and Their Families

Data Collected:

Name, date of birth, educational background, professional history, contact information (address, phone number, email address), etc.

Purposes of Use:

  • Operations related to employee management.

Legal Basis:

a. To perform a contract with the employee.

b. Our legitimate interests in maintaining our social reputation as a premier employer or the consent of the employee.

c. When necessary to comply with obligations under labor and social security laws.

(4) Common Purposes for All Categories Above

Data Collected:

All personal data collected in sections (1) through (3) above.

Purposes of Use:

  • Analysis, investigation, and research for the improvement and quality enhancement of the Company’s services.
  • Various procedures and responses based on laws, regulations, and national guidelines.

Legal Basis:

a. The Company’s legitimate interests to act in the interest of, protect, and grow its business.

b. When necessary to comply with relevant legal obligations.

c. Consent of the customer or other subjects of the personal data.

(5) Cookies

Data Collected:

Information regarding access to this website, geographical location and IP address, browser software used, top-level domain used, pages visited on the website (URLs), website address accessed prior to accessing the Company (including search terms used), clickstream data showing visitor traffic on the website, and the date and time of access.

Purposes of Use:

  • Improvement of website usability.
  • Understanding and analysis of usage status.
  • Optimization of content and advertisements (in the event of future implementation).

Legal Basis:

a. The Company’s legitimate interests in providing and maintaining its website by using essential cookies.

b. User consent for non-essential cookies, such as those related to performance, functionality, and targeted advertising.

In the event that personal data is used for purposes other than those stated above, the Company will obtain the prior consent of the individual, except where permitted by laws and regulations.

4. Security Measures

The Company implements appropriate technical and organizational measures to prevent unauthorized access, leakage, loss, or destruction of personal data, and continuously reviews and improves these measures. The key measures implemented by the Company are as follows:

1. Organizational: Appointment of a person responsible for personal data protection, establishment of internal data handling rules, and ensuring all officers and employees are fully informed of such rules.
2. Human: Provision of regular training to officers and employees regarding key considerations and precautions for the handling of personal data.
3. Physical: Implementation of access controls to facilities and restrictions on carrying personal data to prevent theft or loss.
4. Technical: Implementation of access rights restrictions to data containing personal information, and deployment of protection systems against unauthorized access and malware.

5. Disclosure of Personal Data to Third Parties

Depending on the nature of transactions with the Company, the Company may disclose some or all of the personal data collected and obtained from customers to the following recipients:

(1) Other Entities within the Company Group
The Company may share personal data within the group companies as defined in “6. Joint Use” below.

(2) Service Providers and Processors
The Company enters into contracts with third-party vendors from time to time, including:

a. IT and Website Service Providers

b. Professional Advisors: Such as auditing firms, consulting firms, law firms, accountants, insurance companies, other authorities, marketing agencies, market research agencies, claims managers, and payment processors (e.g., when necessary for the establishment, exercise, or defense of legal claims, or to protect the Website or the Company’s rights and safety).

c. Related Organizations: Agencies, suppliers, subcontractors, and other organizations contracted to provide services under the Company’s instructions.

(3) Third Parties in Case of Legal Requirements
The Company will also disclose personal data if required to do so by law or based on investigations, regulatory requirements, judicial proceedings, court orders, or legal processes (including competent authorities such as law enforcement or police, or tax authorities such as HMRC in the UK).

(4) Third Parties in Business Transactions
Information about customers, including personal data, may be disclosed in connection with a merger, sale, transfer of the Company’s assets, investment, acquisition, bankruptcy, or similar events.

(5) The Company may provide anonymous information to analytics and search engine providers to help the Company improve and optimize the Company’s services. This information is shared only in a form that does not directly identify the customer. Some of these recipients may be based outside the European Economic Area (EEA) or the UK. Whenever the Company transfers personal data, the Company implements appropriate safeguards in accordance with applicable data privacy laws.

6. Joint Use

(1) Items of Personal Data to be Jointly Used
All or part of the personal data acquired in each category of “3. Personal Data to be Collected and Purposes of Use” above (name, department, job title, company address, telephone number, email address, etc.).

(2) Scope of Joint Users
Legal entities that control the Company, are controlled by the Company, or are under common control with the Company (the Company’s Group Companies). “Control” here refers to a company that, whether directly or indirectly, holds a majority of the outstanding voting shares or the authority to substantially determine important management matters.

(3) Purpose of Use by Joint Users
Within the scope of the purposes of use described in “3. Personal Data to be Collected and Purposes of Use” above.

(4) Name or Title of the Party Responsible for Managing Personal Data
Naoyuki Koyama
Chief Executive Officer
Plantec, Inc.
6F Kioicho Park Building, 3-6 Kioi-cho, Chiyoda-ku, Tokyo

7. Provision to Third Parties in Foreign Countries

In accordance with laws and regulations, the Company will not provide personal data to third parties in foreign countries without obtaining the individual’s prior consent. When providing data after obtaining consent, the Company will provide information to the customer as necessary regarding the name of the destination country, an overview of the personal data protection system in that country, and the measures taken by the recipient to protect personal data.

8. Use of Cookies

The Company’s website uses cookies and similar technologies. Cookies are small text files that are automatically sent and stored through the browser, which may identify the customer’s terminal. However, the Company does not directly collect any personally identifiable information through this process. Customers can restrict or disable cookie functions through browser settings; however, please note that some functions on the website may become unavailable as a result.

9. Retention of Personal Data

The Company will not retain personal data for longer than is necessary to carry out the purposes described in this policy or as required by law. The Company generally stores personal data for a maximum of 10 years. However, if customers engage in transactions with the Company’s group companies outside of this website, personal data will be retained in accordance with the privacy policy independently established by that group company.
In such cases, personal data will be retained only for as long as necessary to achieve its purpose, in accordance with the legal basis justifying such retention. After the retention period has expired, the Company will delete or anonymize the data. However, in certain circumstances, the Company may exceed these retention periods:
(1) To comply with legal, regulatory, tax, or accounting requirements, or as necessary for the establishment, exercise, or defense of legal claims.
(2) In specific situations where a complaint or objection is raised, or where there is a reasonable prospect of litigation related to personal data or transactions.
(3) In specific situations where the continuation, renewal, or resumption of transactions with the customer is reasonably expected, in order to maintain accurate records of dealings.

10. Customer’s Rights and Exercise of Rights

(1) Privacy Rights

In connection with the processing of personal data, customers are granted the following privacy rights. For more information on these rights, please visit the European Commission’s website: https://commission.europa.eu/law/law-topic/data-protection/information-individuals_en

a. Right to Withdraw Consent:

Where the processing is based on consent, the customer has the right to withdraw consent at any time.

b. Right of Access:

The customer has the right to request disclosure of their personal data and receive a copy of the data the Company holds. (However, it does not necessarily have to be in the form of a document.)

c. Right to Rectification:

The customer has the right to request the correction of data the held by the Company. This enables the correction of any incomplete or inaccurate data concerning the customer held by the Company.

d. Right to Erasure (Right to be Forgotten):

The customer has the right to request the erasure of their personal data. Under this right, the customer may request that the Company erase their personal data if: (a) the personal data are no longer necessary; (b) the customer withdraws their consent; (c) the customer objects to the processing; (d) the personal data have been unlawfully processed; (e) the personal data have to be erased for compliance with a legal obligation; or (f) the personal data have been collected in relation to the offer of information society services referred to in Article 8.1 of the GDPR.
The Company is not required to comply with such a request to the extent that processing is necessary: (i) for exercising the right of freedom of expression and information; (ii) for compliance with a legal obligation which requires processing; (iii) for reasons of public interest in the area of public health; (iv) for archiving purposes; or (v) for the establishment, exercise, or defense of legal claims.

e. Right to Object:

The customer has the right to object to the processing of their personal data where the Company processes such data based on legitimate interests (as referred to above). Where the Company processes personal data for direct marketing purposes, the Company shall honor the customer’s objection. In cases where the processing is for other purposes, the Company shall cease the processing of the personal data unless the Company demonstrates: (a) compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the customer; or (b) that the processing is for the establishment, exercise, or defense of legal claims.

f. Right to Restrict:

The customer has the right to request the restriction of the processing of their personal data if: (a) the customer contests the accuracy of the personal data (for a period enabling the Company to verify the accuracy); (b) the processing is unlawful and the customer requests the restriction of its use instead of erasure; (c) the Company no longer needs the personal data for the purposes of the processing, but the customer requires the data for the establishment, exercise, or defense of legal claims; or (d) the customer objects to the processing (for a period enabling the Company to verify whether its legitimate grounds override those of the customer).
Where the processing of the customer’s personal data has been restricted, the Company shall only store such data and shall not otherwise process it, except: (i) with the customer’s consent; (ii) for the establishment, exercise, or defense of legal claims; (iii) for the protection of the rights of another natural or legal person; or (iv) for reasons of important public interest.

g. Right to Data Portability:

The customer has the right to request the transfer of their personal data to themselves or to a third party designated by the customer. Please note that this right applies only where the Company carries out the processing by automated means and such processing is based on the customer’s consent or on the performance of a contract with the customer.

h. Right to Lodge a Complaint:

In addition to the rights mentioned above, the customer has the right to lodge a complaint with a supervisory authority at any time (in particular, in the EU Member State of the customer’s habitual residence, place of work, or the place of the alleged infringement of the GDPR). For an overview of supervisory authorities and their contact information, please visit the following website: https://commission.europa.eu/law/law-topic/data-protection/information-individuals_en. However, the Company would appreciate the opportunity to address the customer’s concerns before the customer approaches a supervisory authority, and therefore requests that the customer contact the Company in advance.

(2) Method of Exercising Rights
No fee is required to exercise the aforementioned rights, and the customer may exercise these rights by email or telephone via the “Contact Information” section below. In cases where the customer’s request is manifestly unfounded or excessive, in particular because of their repetitive character, the Company may either charge a reasonable fee or refuse to act on the request.

(3) Identity Verification
In order to respond to requests regarding the customer’s rights, the Company may request the provision of specific information to verify the identity of the customer.

(4) Response to Requests
The Company will provide information on the status of the response to the customer’s request without undue delay and, in principle, within one month of receipt of the request. Depending on the complexity and number of the requests, this period may be extended by a further three months. If an extension is necessary, the Company will notify the customer of such extension within one month of receipt of the request. Please note that under applicable privacy laws, the Company may be permitted or required to refuse a request. If the Company is unable to comply with the customer’s request, the Company will inform the customer of the reasons for such refusal, subject to any legal or regulatory restrictions.

11. Contact Information

For any questions, complaints, or the exercise of rights regarding the handling of personal data, please contact the Company via the inquiry form.

Naoyuki Koyama
Chief Executive Officer
Plantec, Inc.
Kioicho Park Building 6F, 3-6 Kioicho, Chiyoda-ku, Tokyo, Japan