GDPR Privacy Policy

This GDPR Privacy Policy explains how Kozo Keikaku Engineering Ltd. (the "Company" or “we”) processes your personal data and informs you of your privacy rights. It applies to the processing of personal data we collect from our business partners and through our websites in the context of the activities of our locations in the European Economic Area ("EEA").


The Company is the controller of the processing activities described below and is responsible for keeping you informed about the processing of your personal data and responding to your questions, comments and requests.


We collect personal data about you when we contact you or when you contact us in connection with our investigation and marketing activities at our locations in the European Economic Area ("EEA"). We also collect personal data about you when you visit our websites.


3.1 Personal data collected through investigation and sales activities

a. Personal data
We may process your contact details (such as name, email address, telephone number and affiliation) and the content of correspondence between you and us in connection with investigation and sales activities at our locations in the EEA.

b. Purpose and legal basis for processing
We process the above personal data for the purpose of various investigations related to our business and to provide you with information about our business. The legal basis for such processing is that the processing is necessary for our legitimate interests in promoting and developing our business.

3.2 Personal data related to inquiries and complaints

a. Personal data
If you make inquiries or make a complaint to us, we will process your contact details and the content of the correspondence between you and us.

b. Purpose and legal basis for processing
We process the above personal data in order to respond to your inquiries and complaints and for legal proceedings. The legal basis for such processing is that the processing is necessary for compliance with our legal obligations or for our legitimate interests in responding to your inquiries or complaint.

3.3 Cookies and other identifiers

a. Personal data
Our website may send so-called cookies to your computer through your web browser to manage communications with you for the purpose of analysing user trends and providing better services. A cookie is a small piece of data sent to your web browser by our web server, which is stored on your hard disk and used to identify your computer. Cookies identify your browser with a unique and arbitrary number. We will obtain your prior consent to the use of cookies.
Our website ( uses Google Analytics, which collects IP addresses and information about the behaviour of website visitors using cookies. For more details on how Google collects and processes such information, please see the following webpage:

b. Purpose and legal basis for processing
We process the personal data we collect through cookies for the purpose of statistically analysing the behaviour of users of our website and improving our website. The legal basis for such processing is your consent or our legitimate interest in providing you with our website.

3.4 Sensitive personal data

We do not collect sensitive personal data (e.g. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation) and personal data relating to criminal convictions and offences, except where the requirements of applicable law are met.

3.5 Information on minors

We do not intend or wish to obtain personal data directly from minors.


We provide the above personal data to processors who process the data on our behalf i.e. providers of customer relationship management services and cloud services. These third parties will not use your personal data for their own purposes such as direct marketing purposes.
In addition, we may also provide personal data to authorised public authorities (e.g. courts, police and supervisory authorities) if we receive an order or request to do so.


We have established the Information Security Basic Policy for all information assets including your personal data. All of our directors, employees, temporary and part-time workers, outsourcers, subcontractors and other persons handling information assets in the course of our business operations recognise the importance of information security and comply with our Information Security Basic Policy, as well as the Information Security Management Rules which we have established separately. In addition, we strictly manage personal data in accordance with our management standards and take appropriate measures to prevent loss, destruction, alteration or leakage.

When you provide us with your personal data via our website, we use SSL (Secure Sockets Layer) encryption to ensure security in case of unauthorised access by third parties.


We may transfer your personal data to Japan where the Company’s headquarter is located. Japan is recognized by the European Commission as providing essentially equivalent level of data protection to that which exists within the EEA.
We may also transfer your data to our third party service providers which may be located or operate outside the EEA. In such cases, we will ensure that your personal data is given the same level of protection as in the EEA by implementing appropriate safeguards including but not limited to standard contractual clauses adopted by the European Commission.
For more details, please contact us using the Contact Information below.


We retain personal data for as long as is necessary to fulfil the purpose for which they are used and, after the retention period has elapsed, we erase or anonymise them in a secure manner within a reasonable period of time. In determining the appropriate retention period for personal data, we take into account the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes by other means, as well as applicable law, tax, accounting or other requirements.

If you exercise your right to privacy, we may delete your data earlier than the generally applicable retention period or, conversely, store it for a longer period. In certain circumstances, we may also process your personal data for a longer period than is necessary for the purpose of the processing. For example, we may retain your personal data for a longer period:
・ for exercising the right to freedom of expression and information;
・ for compliance with a legal obligation imposed on us or for the performance of a task carried out in the public interest or the exercise of official authority vested in us;
・ for public health reasons;
・ for the establishment, exercise or defence of legal claims; or
・ if you give us consent;


8.1 Your rights

As a data subject of personal data, you have the following rights.

a. Right to access. You may request access to your personal data held by us. We will also provide you with further information about the processing of your personal data upon your request.

b. Right to rectification. You may request that we correct any incomplete or inaccurate data we hold about you. However, we may need to verify the accuracy of any new data you provide to us.

c. Right to erasure. You may request that we erase your personal data in certain cases e.g. if you believe that we have no legitimate reason to continue processing your personal data, the personal data are no longer necessary, or if you withdraw your consent and there is no other legal ground for the processing.

d. Right to object. If we are processing your personal data on the legal basis of our legitimate interests and you believe that such processing affects your fundamental rights and freedoms, you may object to the processing of your personal data. You also have the right to object if we process your personal data for direct marketing purposes.

e. Right to restriction of processing. You have the right to request for restriction of processing of your personal data if you want us to ensure the accuracy of your personal data, if you believe that our processing of your personal data is unlawful or we no longer need to process your personal data, if you object to processing of your personal data or if the verification whether the legitimate grounds of the controller override yours is pending.

f. Rights to data portability. You may request that we provide you or a third party of your choice with your personal data in a structured, commonly used, machine-readable format. However, this right only applies in relation to the processing carried out by us by automated means and only if the basis for such processing is your consent or the performance of a contract to which you are a party.

g. Right to withdraw consent. Where we are processing personal data on the basis of your consent, you may withdraw the consent at any time. However, this will not affect the lawfulness of the processing before the withdrawal.

h. Automated decision-making. You have the right not to be subject to decisions based solely on automated processing which produces legal effects concerning you or similarly significantly affects you. However, we do not make any decisions based solely on automated processing.

i. Right to lodge a complaint. You may lodge a complaint with a data protection supervisory authority. We would appreciate it if you give us an opportunity to address your concerns before you contact a supervisory authority.

If you wish to exercise any of the above rights, please contact us using the Contact Information below.

8.2 Fees

You do not have to pay any fee to exercise the above privacy rights. However, we may charge a reasonable fee or refuse your requests if your requests are manifestly unfounded, repetitive or excessive.

8.3 Information to be provided

We may request certain information from you in order to verify your identity and to ensure the exercise of the above rights by you. We may also contact you and ask for further information about your request in order to expedite our response.

8.4 Response time

We will endeavour to respond to all legitimate claims within one month. However, it may take longer if your claim is particularly complex or if you have made a large number of requests. In such cases, we will notify you and keep you updated.


We may change this privacy policy in line with changes in legislation and/or in the Company's business activities. In case of a change, we will post the latest privacy policy on this website, indicating the date of the last revision.


For further information on your personal data, please contact:

Kozo Keikaku Engineering Ltd. (Attn.: Personal Data Protection Consultation Service)
4-38-13 Hon-cho, Nakano-ku, Tokyo, 164-0012, Japan

Approved by:Kayoko Kimura, Head of Administration Division of Kozo Keikaku Engineering Ltd.
Last updated on: 1 December 2022