Privacy Policy(February 1, 2023)

We, Nulab Inc. (“Nulab”, “we”, “us” or “our”) develop and sell computer systems. In providing our services, and considering the importance of personal information, we have established a personal information protection policy to protect the individual’s rights and interests, and all board members and employees shall carry out this policy (“this Policy”) in good faith.

“Personal Information” as used in this Policy shall mean any information that enables us to identify you, directly or indirectly, by reference to an identifier such as your name, identification number, location data, online identifier or one or more factors specific to you.

For the purposes of the EU General Data Protection Regulation 2016 (the “GDPR”) Nulab is the controller of the Personal Information processed by us and we are responsible for our services and websites, including https://nulab.com, https://backlog.com, https://cacoo.com, https://www.typetalk.com (the “Site”).

* “Controller” of personal information is defined as “person … which … determines the purposes and means of the processing of personal data” under Article 4(7) of the GDPR.

Applicable Scope of this Policy

This Policy applies to all Personal Information we collect in relation to all products, apps, services and websites operated by us, including but not limited to  https://nulab.com, https://backlog.com, https://cacoo.com, https://www.typetalk.com (“Services”) and all cases where you provide Personal Information to us. 

Our Personal Information Protection Policy

1. We will acquire, use and provide appropriate personal information, giving consideration to the business content and scale.

2. We will specify the purpose for which personal information will be used and take appropriate measures to ensure the use of personal information does not deviate from that purpose.

3. We will comply with laws regarding the protection of personal information, guidelines set by the government and other related regulations.

4. We will take security control measures to prevent a leak, loss, or deletion of or damage to personal information. Furthermore, we will put in place appropriate measures to handle personal information incidents, and measures to prevent the damage from spreading.

5. We will promptly respond to requests for the disclosure of, inquiries about and complaints regarding personal information, by establishing an enquiry desk.

6. We will review the security control measures in a timely manner and appropriately improve them.

1. Personal Information We Collect

We use different methods to collect personal information from and about you including through:

  • Personal information you provide us.
    You may give us your personal information including your name and contact details, by filling in forms or by post, phone, email or otherwise. This includes, without limitation personal information you provide in the following instances;
    1. when you ask us about our services, register for use, or download materials about our services;
    2. when you subscribe to our publications or newsletters;
    3. when you request marketing emails to be sent to you;
    4. when you send us feedback;
    5. when you answer a questionnaire for the purpose of statistical surveys and enter sweepstakes;
    6. when you apply for events, seminars, business negotiations, etc. (offline or online, hereinafter collectively referred to as “Events”) conducted by Nulab, or when you answer a questionnaire during Events; and
    7. when you provide customer information at the request of Nulab in the case of using the Nulab API.
  • Personal information we collect automatically.
    As you interact with our Services, we may automatically collect the following information:
    1. information about your device and the use of a browser (including usage status, frequency of use, and length of your visit);
    2. the date you accessed our Site;
    3. the website you visited before visiting our Site;
    4. technical information about your browser, OS type and language, IP address, and the domain name; and
    5. if you access our Services from a mobile application, your mobile carrier, device identifier, type of device, performance information, app store when downloading the application, customer behavior, frequency of use, usage status when using the application (including the number of times you used the application).

We collect this Personal Information by using cookies, server logs and other similar technologies. The content collected and recorded on access logs is used as server operation information to assist in improving our Services, and also to provide you, depending on your usage status, with information useful to use our Services or promotional information via e-mail or by other means.

The information recorded on access logs is not used in conjunction with other Personal Information when used as server operation information, but will be used in conjunction with your user information and e-mail address where we contact you via e-mail or by other means for example to inform you about the latest updates to the Services.

  • Personal information we obtain from other sources.
    During your use of the Services, we may request, collect and store your information, such as credit information for fraud prevention and detection as well as marketing activities from publicly available sources and third parties, as may be necessary from time to time and as permitted under applicable laws. In addition, based on your separate consent, we may receive other personal information about you from third party sources. For example, if you access the Site through a third-party application, we may collect information about you from that third party that you have made available via your privacy settings or if you request information from comparison sites, they will provide us your information based on your request.

2. Cookies

Like many websites, we use ‘Cookies’ to make our Services more convenient for our users.

Cookies are files that are stored on your computer or mobile device when you browse our Site.

We mainly use Cookies for the following purposes.

  • When you use the service, you do not have to enter a password every time.
  • We use Cookies to deliver personalized experiences on our Services to our customers.
  • Cookies are used to analyze our customers’ activities in our Services (we may use the results of our analysis to make you offers or for promotions).

Please see our Cookie Policy for further details on Cookies.

3. Our Purposes For Processing Personal Information

We will process your Personal Information for the following purposes:

  • To confirm your identity;
  • To confirm your eligibility to use Nulab Services (including, but not limited to requirements that you be over 18 years old and not be Anti-Social Force(s));
  • To respond to your questions and provide related customer services;
  • To prevent fraud or other financial crime;
  • To monitor and protect the security of our information, systems and network;
  • To conduct research, product development and enhancement;
  • To inform you of changes made to our Site and  Services;
  • To conduct marketing activities;
  • To effectively present content from our Services;
  • To provide content matching with your interests;
  • To enable you to search for information on our Site and Services;
  • To assess your needs and interests in order to better tailor offers and advertising;
  • To improve the convenience of our Site and Services; and
  • To provide questionnaires for the purpose of statistical surveys and to offer sweepstakes (the answers to questionnaires may be made public in the form of statistical information that does not allow a specific individual to be identified)

4. Emails

We may send out emails to you for the purpose of providing our services, contents or functions, researching, providing news, promotions, and announcing events. You may opt-out of receiving these emails. We may use a third-party provided service to send out emails or to communicate smoothly with our customers. We may share information, such as your email address, with the third-party service provider only to the extent necessary for this purpose.

5. Disclosure of Personal Information 

We will protect your Personal Information as being strictly confidential. We may share your personal information with the parties set out below for the purposes set forth in this Policy:

  • A member of our corporate group;
  • Our professional advisors such as auditing firms, accountants and lawyers, etc.;
  • Companies that provide services to help us with our business activities, such as data storage, maintenance services, database management, web analytics and payment processing; and
  • Companies that succeed to our business or assets due to an organizational restructuring or a business transfer or the like.

We may also disclose your Personal Information to the extent required by law and only to the extent  such disclosure of Personal Information is  necessary, such as to protect your safety or the safety of others, investigate crimes, or respond to a request by the government or any other third party. Furthermore, we will notify you of any provision of your Personal Information to respond to a request by the government or a third party unless notification is prohibited by applicable laws and regulations.

Where the GDPR applies to the processing of your Personal Information and your Personal Information is shared with a third party located in a country that has not received an adequacy decision by the European Commission, we will take appropriate security measures, such as use the European Commission-approved Standard Contractual Clauses. You can confirm the details of the security measures (including a copy of the Standard Contractual Clauses) by contacting us through the Contact Us page on our Site.

Outsourcing

We may use third party vendors to assist us in carrying out certain operations necessary for providing our Services (for example, customer support, etc.). In doing so, all or part of the User’s Personal Information, including User Data, may be entrusted to such vendors, including companies located in the following countries or regions. We require all third parties to process Personal Information in a secure manner in accordance with applicable laws and regulations. Furthermore, we require all third parties that process Personal Information on our behalf, to process such Personal Information in accordance with our instructions, to the minimum amount necessary to carry  out their tasks and only for the purposes that we retained them for.

Nulab shall be responsible for ensuring that vendors comply with obligations equivalent to those imposed on Nulab under laws and Nulab’s Terms of Services.

The list of service providers used by Nulab and the list of countries where Personal Information is processed and stored is available here.

6. Retention Period of Personal Information

We will store your Personal Information, in a form which permits us to identify you, for no longer than is necessary for the purpose for which the Personal Information is processed. Furthermore, we will store your Personal Information as necessary to comply with our legal obligations, resolve disputes, or enforce our rights, or if it is technically difficult to remove it immediately.

7. Security Control Measures

We will take security control measures to prevent a leak, loss, or deletion of or damage to Personal Information. Furthermore, we will put in place appropriate measures to handle Personal Information incidents, and measures to prevent the damage from spreading. The security control measures we will take include executing appropriate agreements with outsourced parties or employees and supervising them. In case we process Personal Information overseas, we will confirm the systems of that foreign country and what protections it offers for Personal Information and we will take appropriate security control measures accordingly. We will conduct a review of the security control measures in a timely manner and appropriately improve them when necessary.

SSL/TLS

Our Site uses ‘SSL/TLS’ to protect Personal Information. By using a browser that supports security functions, when you access our Site and enter Personal Information including your name and e-mail address, and this Personal Information is transmitted to our server, SSL/TLS will enable the Personal Information to be automatically encrypted. Therefore, if the Personal Information you transmitted is intercepted by a third party, the content of it cannot be decoded. sxdcf

If you use a browser that does not support SSL, you may not be able to access our Site or load information.

8. Legal Basis for Processing Personal Information

Where the GDPR applies to the processing of your Personal Information, we process Personal Information about you only where we have the following legal basis for doing so:

  • Agreement: where we need to process your Personal Information to perform an agreement we executed with you.
  • Legal obligation: where we need to process your Personal Information to comply with a legal obligation.
  • Legitimate interest: where we need to process your Personal Information for our legitimate interests or those of a third party, and they are not overridden by your interests and fundamental rights.
  • Consent: where you give us consent to process Personal Information. You may withdraw your consent at any time, but withdrawing your consent will not affect the lawfulness of the processing of your Personal Information based on the consent you gave before your withdrawal.

If you have any questions regarding the details of the legitimate interests, please contact us using the Contact Us page on our Site.

9. Your Rights

You have multiple legal rights in relation to your Personal Information we hold about you. These rights may change according to data protection laws and regulations applied in relation to your location and the relationship between you and Nulab, but typically include the following.

  • Right of access to personal information. You may have the right to request access to related information, including personal information we hold about you, the purposes for processing the personal information, the recipients or categories of recipients with whom the personal information has been shared, the period for which the personal information will be stored (if impossible, the basis used to determine that period), the right to object to competent authorities, the source of the personal information, and the existence of any automated decision making.
  • Right to correct personal information. You may have the right to request that Nulab correct any inaccurate or incomplete personal information about you.
  • Right to erase personal information. You may have the right to request that Nulab erase personal information about you under certain circumstances, including the following circumstances.
    • If it is no longer necessary for Nulab to store your personal information, in light of the purpose for collecting the personal information.
    • If Nulab may process personal information only on the basis of your consent, and you withdraw your consent.
    • If you object to Nulab’s processing of personal information on the grounds of legitimate interests, and those legitimate interests do not override your interests, rights and freedom.
  • Right to request that the processing of personal information be restricted. You may have the right to restrict the processing of your personal information under certain circumstances, including the following circumstances.
    • If you object to the accuracy of your personal information yourself (limited to the period necessary for Nulab to confirm the accuracy of personal information).
    • If it is no longer necessary for Nulab to process personal information for purposes other than filing for or exercising legal claims, or to defend the same.
    • If you object to Nulab’s processing of personal information on the grounds of legitimate interests (limited to the period necessary to determine whether the legitimate interest overrides your interests, rights and freedom.).
  • Right to object. You may have the right to object to Nulab regarding the processing of your personal information.
  • Right of data portability. If Nulab processes personal information provided by you on the legal basis of consent or an agreement, you may have the right to request that you receive personal information in structured and generally used, and machine-readable form, or that the personal information be transferred directly to a third party to the extent this is technically feasible for Nulab.

Where you believe that we have not complied with our obligations under this Policy or the GDPR, you have the right to make a complaint to the relevant data protection authorities.

Communication with End Users

Unless required by law, Nulab will not accommodate requests from End Users concerning data protection or privacy without the Customer’s written consent. Provided, however, that, in cases where a Customer provides account to an End User, Customer agrees that Nulab may contact such End User, using End User’s information provided by the Customer, for the purpose of providing such End Users with tips, advice and other useful information or product related information to help such End User make the best use of Nulab’s products and services. In such cases, Nulab shall obtain End User’s consent in advance. Furthermore, Nulab shall take commercially appropriate steps for suspending future communication whenever End User’s consent is not obtained.

10. Contact Us

If you have any questions regarding this Policy, please contact us using the Contact Us page on our Site.

11. Changes To This Policy

We may update this Policy. In case of material updates, we will notify you on our Site in advance. Please periodically confirm this Policy to obtain the latest information about our processing of personal information.