This is an old version.
To see the current version of our terms, please go to up-to-date version.
The term “personal information” as used in this policy shall mean any information that enables us to identify you, directly or indirectly, by reference to an identifier such as your name, identification number, location data, online identifier or one or more factors specific to you.
For the purposes of the EU General Data Protection Regulation 2016 (the “GDPR”) Nulab Inc. is the controller of personal information and responsible for our websites, including https://nulab.com, https://backlog.com, https://cacoo.com, https://www.typetalk.com (the “Site”).
Our data privacy principles
- Our company will acquire, use and provide appropriate personal information, giving consideration to the business content and scale.
- Our company will specify the purpose of the use of personal information and take appropriate measures to ensure the use of personal information does not exceed that purpose.
- Our company will comply with laws regarding the use of personal information, policy set by the government and other related regulations.
- Our company will establish a security management system to prevent a leak, loss, deletion or damage of personal information. Moreover, we will take appropriate corrective and preventive measures for accidents relating to personal information.
- Our company will promptly respond to requests for disclosure of, inquiries about and complains regarding personal information, by the establishment of an enquiry desk.
- Our company will review and appropriately improve the information security management system.
What information do we collect?
We use different methods to collect personal information from and about you including through:
- Personal information you give us. You may give us your personal information including name and contact details, by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal information you provide when you ask us about, or register to use our products or services; subscribe to our publications; request marketing to be sent to you, or give us feedback.
- Personal information we collect. As you interact with our Site, we may automatically collect technical information about your equipment, browsing actions and patterns, the date you have accessed our Site, the website you have visited before visiting our Site, your browser, OS, IP address, and the domain name. We collect this personal information by using cookies, server logs and other similar technologies. The content recorded on access logs is not used in conjunction with personal information. It is used as server operation information to assist in improving our Site and services.
Like many websites, we use ‘Cookies’ to make our Site more convenient to our customers.
Cookies are small pieces of data that are transferred between a Web server and your Web browser, and stored on your computer or mobile device as a file.
- When you use the service, you do not enter a password every time.
- Cookies are used for analytic practices to help us understand our customers’ activities in our services.
How do we process information?
We will use your personal information for the following purposes:
- To confirm your identity;
- To respond to your questions and provide related customer services;
- To detect and prevent fraud or other financial crime;
- To monitor and protect the security of our information, systems and network;
- For internal business intelligence purposes, to conduct research, product development and enhancement;
- To inform you of changes made to our Site and other services;
- To conduct marketing and commercial activities and to market relevant offers and promotions to you;
- To ensure that content from our Site is presented most effectively for you and your computer;
- To display content based on your interests;
- Enable you to search information on our Site;
- Assess your needs and interests in order to better tailor offers and/or advertising; and
- Improve our Site.
From time to time, we may send out emails for promotion purposes to announce our services, functions, researches, news, promotions, contests, and events. Our customers may opt-out of receiving these emails. We may use a third-party service provider to send out emails or to communicate smoothly with our customers. For a smoother communication, we may share information, such as your email address, to the service provider for this limited purpose only.
How do we share information?
Your personal information will be treated as being strictly confidential. We may share your personal information with the parties set out below for the purposes set out in this policy:
- A member of our group;
- Our professional advisors such as auditors, accountants and lawyers, etc.;
- Companies that provide services to help us with our business activities, such as data storage, maintenance services, database management, web analytics and payment processing;
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal information in the same way as set out in this Policy.
We may also disclose your personal information as required by law, such as to comply with a subpoena, or a similar legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request, and to any other third party with your prior consent to do so, unless notification is prohibited by the applicable law.
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
Where personal information relating to European based individuals is shared with a third party located in a non-EU country that has not received an adequacy decision by the European Commission, we rely on appropriate safeguards, such as the European Commission-approved Standard Contractual Clauses and EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, to transfer the data.
We are part of an international group of companies, headquartered in Japan. We also work with third party service providers in different countries (for example, cloud providers, web hosting, helpdesk software providers, payment processors). Therefore, your information may be transferred outside of the European Economic Area (EEA) and stored, or processed in other countries (including Japan, Singapore and the United States of America), as part of our business operations. By using our Site, you consent to any transfer of your information to these locations. Where personal information is transferred from the European Economic Area to a country that has not received an adequacy decision by the European Commission, we rely on appropriate safeguards, such as the European Commission-approved Standard Contractual Clauses and EU-U.S. Privacy Shield Framework, to transfer the information.
How long do we retain information?
We will store your personal information, in a form which permits us to identify you, for nolonger than is necessary for the purpose for which the personal information is processed. We and use your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and rights, or if it is not technically and reasonably feasible to remove it. Otherwise, we will seek to delete your personal information within a reasonable timeframe upon request.
Our Site uses ‘SSL’ to protect personal information. By using a browser that supports security functions, when you access to our Site and enter personal information including your name and e-mail address, and this information is transferred to our server, the information is automatically encrypted when transmitted and received by servers. Therefore if the transmitted data is intercepted by a third party, there is no need to worry about the content being stolen.
If you use a browser that does not support SSL, you may not be able to access our Site or input information.
Your European privacy rights
For European residents only. We collect and process personal information about you only where we have a legal basis for doing so under applicable data protection law, including under the GDPR. The legal bases will depend on the purpose for which we process your personal information. This means we collect and use your personal information only where:
- We need it to provide the services, including to operate the Site, provide customer support and personalized features and to protect the safety and security of the Site;
- It satisfies a legitimate interest (which is not overridden by your rights and interests), such as for research and development, to market and promote the Site and to protect our legal rights and interests;
- You give us consent to do so for a specific purpose; or
- We need to process your personal information to comply with a legal obligation.
If you have consented to our use of personal information about you for a specific purpose, you have the right to change your and at any time.
We may use your email address to send you newsletter or marketing emails. We will ask for your consent in line with the applicable law when you first provide your personal information. You can opt out by following the unsubscribe instructions included in these emails, or you can contact us using the Contact Us page on our Site.
In certain circumstances, you have rights under the GDPR in relation to your personal information. These data privacy rights do not apply to Nulab where we process your personal information as a data processor on behalf of our clients. Where this is the case, any request to exercise your European data privacy rights should be directed to our client (i.e. the data controller).
- Request access to your personal information. You may have the right to request access to any personal information we hold about you as well as related information, including the purposes for processing the personal information, the recipients or categories of recipients with whom the personal information has been shared, where possible, the period for which the personal information will be stored, the source of the personal information, and the existence of any automated decision making.
- Request correction of your personal information. You may have the right to obtain without undue delay the rectification of any inaccurate personal information we hold about you.
- Request erasure of your personal information. You may have the right to request that personal information held about you is deleted.
- Request restriction of processing your personal information. You may have the right to prevent or restrict processing of your personal information.
- Request transfer of your personal information. You may have the right to request transfer of personal information directly to a third party where this is technically feasible.
If you have any questions regarding our policy or privacy practices, please contact us using the Contact Us page on our Site.
Changes to this Policy
We may update this policy to reflect changes to our information practices. If we make any material changes we will notify you by means of a notice on our Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.