Tokyo Kyodo Consultancy Services (Pvt.) Ltd. (hereinafter referred to as “Our Company”) shall establish the Basic Policy with regard to individual information and personal data (hereinafter collectively referred to as “personal information”) as set forth in the Act on the Protection of Personal Information, the General Data Protection Regulation (hereinafter referred to as “GDPR”) and the UK GDPR (The Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019) (hereinafter collectively referred to as “laws and regulations”), and shall comply with the matters concerning safety control measures based on this Policy and shall ensure the protection of personal information thoroughly.
1. Our Company will handle personal information in accordance with laws and regulations, establish matters related to safety management measures, periodically review our management system and initiatives, and strive for continuous improvement.
2. Our Company will use personal information, except as otherwise provided by laws and regulations, within the scope of the purpose of use that has been announced in advance, notified or explicitly stated at the time of acquiring the personal information.
Kinds of personal information
Purpose of Use
Name, address, telephone number, fax number, e-mail address, access information, etc. (including name-specifying workplace, affiliation, title, etc., IP address, browser type and language, access time, referenced web site address, Internet log, etc.; the same shall apply hereinafter)
（1） Information and provision of services provided by the Tokyo Kyodo Group (please see the Tokyo Kyodo Group List for details) including the following items or related services provided by the business partners of the Tokyo Kyodo Group (including procedures for confirmation of independence, conflict of interest, etc.)
（2） Provision of information on publications (including newsletters, websites, e-mails, etc.), and sales and subscription information
（3） Guidance and operation of various workshops and seminars sponsored or consigned by an organization
（4） Selection and post-employment management of directors and employees (including salary calculation, social insurance procedures, etc.)
（5） Social contribution activities including proposals, statistics, surveys, and other activities related to the services offered through consultation with public organizations, etc.
（6） Comprehensive risk management based on the need for legal compliance and quality control
（7） Improvement of Websites and services provided
（8） Response to various inquiries
（9） Other businesses related to the above
Our Company may share the acquired personal information with the Tokyo Kyodo Group (please see the Tokyo Kyodo Group List for details) and member firms that are members of the Accounting Firm Network to which Tokyo Kyodo Group belongs.
（1）Scope of users whom Our Company shares personal information
① Tokyo Kyodo Group
② Member firms that are members of the Accounting Firm Network to which Tokyo Kyodo Group belongs
③ Health Insurance Society to which the Tokyo Kyodo Group is a member (limited to personal information of Our Company’s employees)
（2）Purpose of the sharing personal information
Our Company may share such information only if necessary within the scope of the purpose of use set forth in [Table 1].
（3）Controller for managing shared personal information
9F, Kokusai Building, 3-1-1 Marunouchi, Chiyoda-ku, Tokyo 100-0005, Japan
Tokyo Kyodo Accounting Office
Representative Partner: Ryutaro Uchiyama
Our Company will not provide the acquired personal information to a third party except as otherwise provided by laws and regulations or as otherwise approved by the person of the personal information in accordance with laws and regulations.
In the event that the acquired personal information is provided to a third party in a country or region outside the territory of Japan (hereinafter referred to as a “foreign country”), Our Company will provide the acquired personal information to a party establishing a system conforming to the standards set forth in the Rules of the Personal Information Protection Commission, or after obtaining prior consent of the person of the personal information.
（1） Our Company will strive to keep personal data accurate and up-to-date to the extent necessary to achieve the purpose of use set forth in [Table 1].
（2） Our Company shall appoint a Personal Information Protection Controller and establish in-house rules for checking and auditing the status of the handling of personal information and for corrective and preventive actions against the results thereof, and implement appropriate management of personal information.
（3） Our Company will train our employees and other employees on how to protect personal information and properly manage personal information, and will appropriately supervise our employees and contractors to ensure the proper handling of personal information.
（4） Our Company will take appropriate measures against unauthorized access and computer viruses in order to prevent the loss, destruction, falsification, and leakage of personal information. In the event of disposing personal information, Our Company will implement measures in a manner that disposed personal information cannot be restored.
（5） Our Company may, with your consent, store some of personal data on cloud services provided by businesses located in foreign countries. Our Company takes safety management measures described in each of the preceding items (1) to (4) after assessing the personal information protection system of the foreign country concerned.
For specific procedures for notifications of the purpose of use of personal information, requests for disclosure of the content of personal information, and requests for correction, addition, or deletion in the event that the contents of personal data are contrary to fact, or requests for suspension of use, deletion, or provision to a third party, please contact our helpdesk below.
For any opinions, requests, and questions regarding the handling of personal data, please contact our helpdesk below.
8th Floor, Sierra Headquarters Building, No. 112, Havelock Road, Colombo 05, Sri Lanka
Tokyo Kyodo Consultancy Services (Pvt.) Ltd. (personal information helpdesk staff)
The provisions set forth above in “I. Basic Policy,” [Table 1], “III. Management of Personal Information,” and “V. Complaints and Inquiries” shall apply or apply mutatis mutandis to the handling of personal data.
Our Company will use the acquired personal data for purposes set forth above in [Table 1] in accordance with the legitimate interests (Article 6(1)(f) of GDPR), the performance of a contract (Article 6(1)(b) of GDPR), and the consent of a natural person who is the subject of personal data (referred to as the “subject of personal data”) (GDPR Article 6(1)(a)) or in compliance with the legal obligations of the European Union and the United Kingdom (GDPR Article 6(1)(c)). The use of personal data based on legitimate interests is made when personal data of individuals who belong to the customers or business partners of the Tokyo Kyodo Group or personal data of directors and employees of the Tokyo Kyodo Group are used for the purposes stated in [Table 1] (excluding the handling of personal data conducted by public organizations upon performing their duties).
For the purpose described in [Table 1], Our Company may transfer personal data within the Tokyo Kyodo Group and may transfer personal data to member firms that are members of the Accounting Firm Network to which Tokyo Kyodo Group belongs.
Our Company retains personal data only for the period necessary to achieve the purpose set forth above in [Table 1]. The specific period for retaining personal information will be determined by taking into account the purpose of obtaining and processing personal data, the nature of personal data, and legal or business needs.
Under GDPR, you have the right to obtain information relating to the processing of personal data, accessing to personal data, requesting rectification or erasure of personal data, restricting the processing of personal data, right of data portability, rights not to be subject to a decision based on automated processing (including profiling), and the right to object to the processing of personal data. If you are dissatisfied with the processing of personal data, you may appeal to the Data Protection Supervisory Authority of the Member State where the subject of personal data is resided or where GDPR breach occurred.
You may withdraw your consent to the use of personal data at any time by contacting the helpdesk set forth above in V. The lawfulness of processing personal data based on your consent prior to withdrawing the consent of the subject of the personal data shall not be affected by the withdrawal.
Personal data requested to be transferred to Our Company may be a requirement for concluding a contract with Our Company. In this case, please note that Our Company may be unable to conclude or continue the contract by not being able to transfer the personal data.
Data Protection Representative Limited
12 Northbrook Road, Dublin, Ireland
How to contact Tokyo Kyodo Accounting Office via their Data Protection Representative
Last revised on April 8, 2022
8th Floor, Sierra Headquarters Building, No. 112, Havelock Road, Colombo 05, Sri Lanka
Tokyo Kyodo Consultancy Services (Pvt.) Ltd.
Director: Ryutaro Uchiyama