Skip to main content
Log inContact sales

Privacy Policy(November 19, 2024)

Index

We, Nulab Inc. (“the Company”, “Nulab”, “we”, “us” or “our”) develop and sell computer systems. In providing our services, and considering the importance of personal information, we have established a personal information protection policy to protect the individual’s rights and interests, and all board members and employees shall carry out this policy (“this Policy”) in good faith.

“Personal Information” as used in this Policy shall mean any information that enables us to identify you, directly or indirectly, by reference to an identifier such as your name, identification number, location data, online identifier, or one or more factors specific to you.

Applicable Scope of this Policy

This Policy applies to cases where you use websites, applications, or services provided by the Company (collectively, the “Services”) or where you provide Personal Information to the Company.

Our Personal Information Protection Policy

  1. We will acquire, use, and provide appropriate Personal Information, giving consideration to the business content and scale.
  2. We will specify the purpose for which Personal Information will be used and take appropriate measures to ensure the use of Personal Information does not deviate from that purpose.
  3. We will comply with laws regarding the protection of Personal Information, government guidelines, and other related regulations.
  4. We will take security control measures to prevent a leak, loss, or deletion of or damage to Personal Information. Furthermore, we will adhere to appropriate measures to handle Personal Information incidents and measures to prevent the damage from spreading. We will also review and improve these in a timely and appropriate manner.
  5. We will promptly respond to requests for the disclosure of inquiries about, and complaints regarding Personal Information by establishing an inquiry desk.

1. Personal Information We Collect

Personal Information we collect from you and methods of collection

You may give us your Personal Information as follows by filling in forms or by post, phone, email or otherwise in the following instances.

[Items of Personal Information to be provided]

  • when the party enters into a service agreement for the use of the Services (“Contracting Party”) is a legal entity, organization, or sole proprietor (collectively, “Entity”):
    The representative’s name of the Entity, and its contact person’s name, email address, and phone number.
    Email addresses and usernames of individuals chosen and approved by the Contracting Party as users of the Services (“End Users”).
  • when the Contracting Party is an individual person:
    The Contracting Party’s name, email address, physical address, phone number, and payment information (billing information, credit card information, and bank account information).
    Email addresses and usernames of his/her End Users.

[Situations where Personal Information is provided]

  1. when you ask us about our services, register for use, or download materials about our services;
  2. when you subscribe to our publications or newsletters;
  3. when you request marketing emails to be sent to you;
  4. when you send us feedback;
  5. when you answer our questionnaire
  6. when you apply for events, seminars, business negotiations, etc. (offline or online, hereinafter collectively referred to as “Events”) conducted by the Company, or when you answer a questionnaire during Events; and
  7. when you provide customer information at the company’s request when using the Nulab API.

Personal Information collected from the Company’s shareholders or those interested in becoming such shareholders (collectively, “Our Shareholders”) and methods of collection

In making inquiries about the Company or the Services by filling out forms or through other methods, Our Shareholders may provide the Company with personal information, including name, email address, and phone number.

Personal Information collected from contact persons of our business partners (including official agency partners) and methods of collection

Representatives of our business partners may provide the Company with personal information such as their name, email address, and phone number when conducting transactions, negotiations, inquiries, or other activities related to the Services by filling out forms or by postal mail, telephone, email, or other methods.

Personal information we obtain from other sources

During your use of the Services, we may request, collect, and store your information, such as credit information for fraud prevention and detection, as well as marketing activities from publicly available sources and third parties, as may be necessary from time to time and as permitted under applicable laws. In addition, based on your separate consent, we may receive other Personal Information about you from third-party sources. For example, if you access the Site through a third-party application, we may collect information about you from that third party that you have made available via your privacy settings, or if you request information from comparison sites, they will provide us your information based on your request.

2. Cookies

Like many services, we use ‘Cookies’ to make our Services more convenient for our users.

Please see our Cookie Policy for further details on Cookies.

3. Our Purposes For Processing Personal Information

The Company will handle Personal Information the Company acquires, for the purposes described below. If the Company needs to handle Personal Information beyond the scope of the purposes described below, the Company will obtain the individual’s consent separately in advance.

3.1 Purpose of use of your Personal Information

  • To confirm your identity;
  • To confirm your eligibility to use the Services (including, but not limited to requirements that you be over 18 years old and not be Anti-Social Force(s));
  • To provide the Services to you;
  • To respond to your questions and provide related customer services;
  • To estimate and bill the fees or charges for the Services;
  • To monitor and protect the security of our information, systems and network;
  • To investigate and analyze relevant matters, including usage history and inquiry details of the Services, and use the results for improving and developing the Services and for distributing advertisements;
  • To communicate relevant matters, including important notices, changes, suspensions, or discontinuations of the Services to you;
  • To conduct marketing activities and evaluate the effectiveness of marketing initiatives and customer support measures;
  • To provide content matching with your interests;
  • To enable you to search for, browse, post, or otherwise utilize information on our Site and Services;
  • To assess your needs and interests in order to better tailor offers and advertising;
  • To improve the Services and effectively provide the content of the Services;
  • To request cooperation with surveys and interviews related to the Services, invite participation in various events, and report the results of such activities;
  • To provide questionnaires for the purpose of statistical surveys (the answers to questionnaires may be made public in the form of statistical information that does not allow a specific individual to be identified);
  • To cross-reference Personal Information held by third parties and deliver advertisements;
  • To prevent fraud and other crimes related to property;
  • To comply with laws and regulations; and
  • To exercise or protect our legal rights.

3.2 Purpose of Use of Our Shareholders’ Personal Information

  • To exercise rights and fulfill obligations under the Companies Act;
  • To implement various investor relations (IR) initiatives;
  • To manage shareholders, including creating shareholder data in accordance with prescribed standards based on various laws and regulations;
  • To comply with laws and regulations; and
  • To exercise or protect our legal rights.

3.3 Purpose of Use of our Business Partner Representative’s Personal Information

  • To manage information about business partners;
  • To communicate as necessary for contract conclusion and transaction execution;
  • To handle billing and payment operations;
  • To comply with laws and regulations; and
  • To exercise or protect our legal rights.

4. Emails

We may send you emails to provide our Services, content, or functions, research, provide news, promotions, and announce events. You may opt out of receiving these emails. We may use a third-party service to send emails or communicate smoothly with our customers. 

5. Disclosure of Personal Data

5.1 The Company will not disclose or provide personal data to any third parties (excluding third parties located in foreign countries, and this applies to 5.1 and 5.2) without obtaining prior consent from the individual whose personal data is concerned, except in the following cases:

  • when based on law;
  • when it is necessary for the protection of a person’s life, body, or property, and it is difficult to obtain the individual’s consent;
  • when it is particularly necessary for improving public health or promoting the sound growth of children, and it is difficult to obtain the individual’s consent;
  • when it is necessary to cooperate with a national or local government agency, or an individual or entity commissioned by such agency, in executing affairs prescribed by law and obtaining the individual’s consent is likely to impede the execution of such affairs; or
  • in other cases permitted by law.

5.2 Notwithstanding the immediately preceding paragraph, the recipients of the information in the following cases will not be herein considered third parties:

  • When the Company commissions the handling of personal data, in whole or in part, within the scope necessary to achieve the purpose of use;
  • When personal data is provided as a result of a merger or other business succession; or
  • When personal data is used jointly with specific parties, provided that the individual is notified in advance, or the individual can easily become aware, of such joint use, the items of personal data to be used jointly, the scope of the joint users, the purpose of use by the joint users, and the name of the person or entity responsible for managing the personal data.

5.3 The Company will not provide personal data to third parties located in foreign countries without obtaining prior consent from the individual whose personal data is concerned, except in the following cases:

  • When the third parties located in a foreign country implement measures in accordance with appropriate and reasonable methods in line with the intent of the provisions of Section 1, Chapter 4 of the Act on the Protection of Personal Information, and such implementation is ensured between the Company and the third parties; or
  • When any of the items listed in 5.1 apply.

5.4 Notwithstanding 5.3, the Company may provide personal data handled by the Company to third parties located in foreign countries as specified below:

Nulab USA, Inc

  1. Name of the foreign country: the United States of America
  2. Information on the personal information protection system in the foreign country obtained by appropriate and reasonable methods:
    Please refer to the information on the system in the United States (Federal) published by the Personal Information Protection Commission.
    https://www.ppc.go.jp/files/pdf/USA_report.pdf
  3. Information on the measures taken by the third party to protect personal information:
    Personal Information is handled within the scope of our privacy policy.

Amazon Web Services, Inc.

  1. Name of the foreign country: the United States of America
  2. Information on the personal information protection system in the foreign country obtained by appropriate and reasonable methods:
    Please refer to the information on the system in the United States (Federal) published by the Personal Information Protection Commission.
    https://www.ppc.go.jp/files/pdf/USA_report.pdf
  3. Information on the measures taken by the third party to protect personal information:
    All measures corresponding to the 8 principles of the OECD Privacy Guidelines are being implemented.

PayPal Inc.

  1. Name of the foreign country: the United States of America
  2. Information on the personal information protection system in the foreign country obtained by appropriate and reasonable methods:
    Please refer to the information on the system in the United States (Federal) published by the Personal Information Protection Commission.
    https://www.ppc.go.jp/files/pdf/USA_report.pdf
  3. Information on the measures taken by the third party to protect personal information: All measures corresponding to the 8 principles of the OECD Privacy Guidelines are being implemented.

Google LLC

  1. Name of the foreign country: the United States of America
  2. Information on the personal information protection system in the foreign country obtained by appropriate and reasonable methods:
    Please refer to the information on the system in the United States (Federal) published by the Personal Information Protection Commission.
    https://www.ppc.go.jp/files/pdf/USA_report.pdf
  3. Information on the measures taken by the third party to protect personal information:
    All measures corresponding to the 8 principles of the OECD Privacy Guidelines are being implemented.

Mixpanel, Inc.

  1. Name of the foreign country: the United States of America
  2. Information on the personal information protection system in the foreign country obtained by appropriate and reasonable methods:
    Please refer to the information on the system in the United States (Federal) published by the Personal Information Protection Commission.
    https://www.ppc.go.jp/files/pdf/USA_report.pdf
  3. Information on the measures taken by the third party to protect personal information: All measures corresponding to the 8 principles of the OECD Privacy Guidelines are being implemented.

Intercom, Inc.

  1. Name of the foreign country: the United States of America
  2. Information on the personal information protection system in the foreign country obtained by appropriate and reasonable methods:
    Please refer to the information on the system in the United States (Federal) published by the Personal Information Protection Commission.
    https://www.ppc.go.jp/files/pdf/USA_report.pdf
  3. Information on the measures taken by the third party to protect personal information:
    All measures corresponding to the 8 principles of the OECD Privacy Guidelines are being implemented.

Stripe, Inc.

  1. Name of the foreign country: the United States of America
  2. Information on the personal information protection system in the foreign country obtained by appropriate and reasonable methods:
    Please refer to the information on the system in the United States (Federal) published by the Personal Information Protection Commission.
    https://www.ppc.go.jp/files/pdf/USA_report.pdf
  3. Information on the measures taken by the third party to protect personal information:
    All measures corresponding to the 8 principles of the OECD Privacy Guidelines are being implemented.

Intuit Inc. (Mailchimp)

  1. Name of the foreign country: the United States of America
  2. Information on the personal information protection system in the foreign country obtained by appropriate and reasonable methods:
    Please refer to the information on the system in the United States (Federal) published by the Personal Information Protection Commission.
    https://www.ppc.go.jp/files/pdf/USA_report.pdf
  3. Information on the measures taken by the third party to protect personal information:
    All measures corresponding to the 8 principles of the OECD Privacy Guidelines are being implemented.

Marketo Inc.

  1. Name of the foreign country: the United States of America
  2. Information on the personal information protection system in the foreign country obtained by appropriate and reasonable methods:
    Please refer to the information on the system in the United States (Federal) published by the Personal Information Protection Commission.
    https://www.ppc.go.jp/files/pdf/USA_report.pdf
  3. Information on the measures taken by the third party to protect personal information:
    All measures corresponding to the 8 principles of the OECD Privacy Guidelines are being implemented.

Salesforce, Inc.

  1. Name of the foreign country: the United States of America
  2. Information on the personal information protection system in the foreign country obtained by appropriate and reasonable methods:
    Please refer to the information on the system in the United States (Federal) published by the Personal Information Protection Commission.
    https://www.ppc.go.jp/files/pdf/USA_report.pdf
  3. Information on the measures taken by the third party to protect personal information:
    All measures corresponding to the 8 principles of the OECD Privacy Guidelines are being implemented.

Slack Technologies, LLC

  1. Name of the foreign country: the United States of America
  2. Information on the personal information protection system in the foreign country obtained by appropriate and reasonable methods:
    Please refer to the information on the system in the United States (Federal) published by the Personal Information Protection Commission.
    https://www.ppc.go.jp/files/pdf/USA_report.pdf
  3. Information on the measures taken by the third party to protect personal information:
    All measures corresponding to the 8 principles of the OECD Privacy Guidelines are being implemented.

Zendesk, Inc.

  1. Name of the foreign country: the United States of America
  2. Information on the personal information protection system in the foreign country obtained by appropriate and reasonable methods:
    Please refer to the information on the system in the United States (Federal) published by the Personal Information Protection Commission.
    https://www.ppc.go.jp/files/pdf/USA_report.pdf
  3. Information on the measures taken by the third party to protect personal information:
    The recipient implements almost all measures corresponding to the 8 principles of the OECD Privacy Guidelines. However, it is stipulated that (vii) as for personal participation, the rights are granted for requesting access to, the correction or update of, or in some cases, the deletion of the individual’s personal data (with some exceptions (but no content of such exceptions is specified)). Thus, the rights granted to the individual might not be sufficient.

6. Security Control Measures

We will take necessary and appropriate security control measures, including those specified below, to prevent a leak, loss, or deletion of or damage to the Personal Information we handle and to otherwise manage personal data in a secure manner. Furthermore, we will put in place appropriate measures to handle Personal Information incidents and measures to prevent the damage from spreading. We will conduct a review of the security control measures in a timely manner and appropriately improve them when necessary.

(1) Establishment of basic policies

  • To comply with relevant laws, regulations, and guidelines to ensure the proper handling of personal data.
  • To establish basic policies concerning the proper handling of personal data.

(2) Establishment of rules for handling personal data

  • To establish internal rules regarding relevant matters, including the methods for handling personal information at each stage, including acquisition, use, provision, and erasure.

(3) Organizational Security Management Measures

  • To appoint a person responsible for handling personal information and specify the employees who handle Personal Information.
  • To establish a reporting and communication system for notifying the responsible person of any facts or signs of violations of laws or internal rules.

(4) Personnel Security Management Measures

  • To provide regular training to employees on important points to be noted in handling personal data.
  • To conclude confidentiality agreements concerning personal data with employees and contractors.

(5) Physical Security Management Measures

  • To implement measures to prevent unauthorized individuals from viewing personal data.
  • To take measures to prevent theft or loss of devices, electronic media, documents or other media that handle personal data. Additionally, when carrying such devices and media, including within business premises, implement measures to ensure that personal data is not easily identifiable.

(6) Technical Security Management Measures

  • To limit the scope of personnel and the personal information databases such personnel handle by implementing access controls.
  • To introduce mechanisms to protect information systems that handle personal data against unauthorized access or malicious software originating from external sources.
  • To encrypt all communications to prevent third parties from intercepting any transmitted or received data, including Personal Information.

(7) Understanding of External Environments

When storing personal data in cloud services and when either the cloud service provider or the server storing the personal data is located in a foreign country, to understand the personal information protection systems and other relevant matters of such foreign country and implement necessary and appropriate measures to ensure the secure management of personal data.

7. Disclosure of Retained Personal Data

If you request notification regarding the purpose for which personal data the business holds (as defined in Article 16, paragraph 4 of the Act on the Protection of Personal Information, and such personal data will hereinafter simply be referred to as “Retained Personal Data”) or request disclosure of Retained Personal Data or third-party provision records, in accordance with the procedures prescribed by our company and within the scope permitted by the Personal Information Protection Law, then we will promptly notify or disclose the requested information to you without delay; provided, however, that we may choose not to disclose Retained Personal Data or third-party provision records if any of the following applies:

  • When there is a risk of harm to the life, body, property, or other rights or interests of our customer or a third party.
  • When there is a risk of significantly impeding the proper execution of our business.
  • When it would otherwise result in a violation of laws or regulations.

8. Correction of Retained Personal Data

If your Retained Personal Data held by the Company is incorrect, you may request the correction, addition, or deletion (“Correction”) of the Retained Personal Data through procedures prescribed by the Company.

If we determine that it is necessary to respond to your request as mentioned in the immediately preceding paragraph, we will promptly make a Correction to the Retained Personal Data.

When we make a Correction based on the immediately preceding paragraph or decide not to make a Correction, we will promptly notify you of it.

9. Suspension of Use of Retained Personal Data

You may request the suspension of use or the suspension of provision to third parties concerning Retained Personal Data (“Suspension”) through procedures prescribed by the Company.

If we determine that responding to your request, as mentioned in the immediately preceding paragraph, is necessary, we will promptly suspend the Retained Personal Data.

When we carry out Suspension based on the immediately preceding paragraph or decide not to carry out Suspension, we will promptly notify you of it.

10. Contact Us

If you have any questions about this Policy, please use the Contact Us page on our Site.

11. Changes To This Policy

We may update this Policy. In case of material updates, we will notify you on our Site in advance. Please periodically confirm this Policy to obtain the latest information about our processing of Personal Information.

Special Provisions for Residents of the European Economic Area (EEA)

For the purposes of the EU General Data Protection Regulation 2016 (the “GDPR”), Nulab is the controller of the Personal Information processed by us and we are responsible for our services and websites, including https://nulab.com, https://backlog.com, https://cacoo.com, https://www.typetalk.com (the “Site”).

* “Controller” of personal information is defined as “person … which … determines the purposes and means of the processing of personal data” under Article 4(7) of the GDPR.

1. Personal Information We Collect

Please refer to the “1. Personal Information We Collect” in our Privacy Policy above.

Further, as you interact with our Services, we may automatically collect the following information:

  1. information about your device and the use of a browser (including usage status, frequency of use, and length of your visit);
  2. the date you accessed our Site;
  3. the website you visited before visiting our Site;
  4. technical information about your browser, OS type and language, IP address, and the domain name; and
  5. if you access our Services from a mobile application, your mobile carrier, device identifier, type of device, performance information, app store when downloading the application, customer behavior, frequency of use, usage status when using the application (including the number of times you used the application).

We collect those Personal Information by using cookies, server logs and other similar technologies. The content collected and recorded on access logs is used as server operation information to assist in improving our Services, and also to provide you, depending on your usage status, with information useful to use our Services or promotional information via e-mail or by other means.

The information recorded on access logs is not used in conjunction with other Personal Information when used as server operation information, but will be used in conjunction with your user information and e-mail address where we contact you via e-mail or by other means for example to inform you about the latest updates to the Services.

2. Emails

Please refer to “4. Emails” in our Privacy Policy above. 

We may share information, such as your email address, with the third-party service provider only to the extent necessary for this purpose.

3. Disclosure of Personal Information and Transfer of Personal Information outside of the EEA

We will protect your Personal Information as being strictly confidential. We may share your personal information with the parties set out below for the purposes set forth in this Policy:

  • A member of our corporate group;
  • Our professional advisors such as auditing firms, accountants and lawyers, etc.;
  • Companies that provide services to help us with our business activities, such as data storage, maintenance services, database management, web analytics and payment processing; and
  • Companies that succeed to our business or assets due to an organizational restructuring or a business transfer or the like.

We may also disclose your Personal Information to the extent required by law and only to the extent  such disclosure of Personal Information is  necessary, such as to protect your safety or the safety of others, investigate crimes, or respond to a request by the government or any other third party. Furthermore, we will notify you of any provision of your Personal Information to respond to a request by the government or a third party unless notification is prohibited by applicable laws and regulations.

As Nulab’s headquarters are based in Japan, your Personal Information might be transferred in a country outside of the EEA. 

Regarding Japan, the European Commission has adopted an adequacy decision on Japan on January 23, 2019 allowing personal data to flow freely between the two economies on the basis of strong protection guarantees.

If your Personal Information is transferred to a third party located in a country that has not received an adequacy decision by the European Commission, we will take appropriate security measures, such as use the European Commission-approved Standard Contractual Clauses. You can request details of the security measures (including a copy of the Standard Contractual Clauses) we took by contacting us through the Contact Us page on our Site.

Outsourcing

We may use third party vendors to assist us in carrying out certain operations necessary for providing our Services (for example, customer support, etc.). In doing so, all or part of the User’s Personal Information, including User Data, may be entrusted to such vendors, including  service providers in the list as mentioned below. . We require all third parties to process Personal Information in a secure manner in accordance with applicable laws and regulations. Furthermore, we require all third parties that process Personal Information on our behalf, to process such Personal Information in accordance with our instructions, to the minimum amount necessary to carry out their tasks and only for the purposes that we retained them for.

Nulab shall be responsible for ensuring that vendors comply with obligations equivalent to those imposed on Nulab under laws and Nulab’s Terms of Services.

The list of service providers used by Nulab and the list of countries where Personal Information is processed and stored is set out in 5.4 of our Privacy Policy above.

4. Retention Period of Personal Information

We will store your Personal Information, in a form which permits us to identify you, for no longer than is necessary for the purpose for which the Personal Information is processed. Furthermore, we will store your Personal Information as necessary to comply with our legal obligations, resolve disputes, or enforce our rights, or if it is technically difficult to remove it immediately.

5. Security Control Measures

Please refer to “6. Security Control Measures” in our Privacy Policy above. 

In addition, the security control measures we will take include executing appropriate agreements with outsourced parties or employees and supervising them. In case we process Personal Information overseas, we will confirm the systems of that foreign country and what protections it offers for Personal Information and we will take appropriate security control measures accordingly. 

We process Personal Information about you only where we have the following legal basis for doing so:

  • Agreement: where we need to process your Personal Information to perform an agreement we executed with you.
  • Legal obligation: where we need to process your Personal Information to comply with a legal obligation.
  • Legitimate interest: where we need to process your Personal Information for our legitimate interests or those of a third party, and they are not overridden by your interests and fundamental rights.
  • Consent: where you give us consent to process Personal Information. You may withdraw your consent at any time, but withdrawing your consent will not affect the lawfulness of the processing of your Personal Information based on the consent you gave before your withdrawal.

If you have any questions regarding the details of the legitimate interests, please contact us using the Contact Us page on our Site.

7. Your Rights

You have multiple legal rights in relation to your Personal Information we hold about you. These rights may change according to data protection laws and regulations applied in relation to your location and the relationship between you and Nulab, but typically include the following.

  • Right of access to personal information. You may have the right to request access to related information, including personal information we hold about you, the purposes for processing the personal information, the recipients or categories of recipients with whom the personal information has been shared, the period for which the personal information will be stored (if impossible, the basis used to determine that period), the right to object to competent authorities, the source of the personal information, and the existence of any automated decision making.
  • Right to correct personal information. You may have the right to request that Nulab correct any inaccurate or incomplete personal information about you.
  • Right to erase personal information. You may have the right to request that Nulab erase personal information about you under certain circumstances, including the following circumstances.
    • If it is no longer necessary for Nulab to store your personal information, in light of the purpose for collecting the personal information.
    • If Nulab may process personal information only on the basis of your consent, and you withdraw your consent.
    • If you object to Nulab’s processing of personal information on the grounds of legitimate interests, and those legitimate interests do not override your interests, rights and freedom.
  • Right to request that the processing of personal information be restricted. You may have the right to restrict the processing of your personal information under certain circumstances, including the following circumstances.
    • If you object to the accuracy of your personal information yourself (limited to the period necessary for Nulab to confirm the accuracy of personal information).
    • If it is no longer necessary for Nulab to process personal information for purposes other than filing for or exercising legal claims, or to defend the same.
    • If you object to Nulab’s processing of personal information on the grounds of legitimate interests (limited to the period necessary to determine whether the legitimate interest overrides your interests, rights and freedom.).
  • Right to object. You may have the right to object to Nulab regarding the processing of your personal information.
  • Right of data portability. If Nulab processes personal information provided by you on the legal basis of consent or an agreement, you may have the right to request that you receive personal information in structured and generally used, and machine-readable form, or that the personal information be transferred directly to a third party to the extent this is technically feasible for Nulab.

Where you believe that we have not complied with our obligations under this Policy or the GDPR, you have the right to make a complaint to the relevant data protection authorities.

Communication with End Users

Unless required by law, Nulab will not accommodate requests from End Users concerning data protection or privacy without the Customer’s written consent. Provided, however, that, in cases where a Customer provides account to an End User, Customer agrees that Nulab may contact such End User, using End User’s information provided by the Customer, for the purpose of providing such End Users with tips, advice and other useful information or product related information to help such End User make the best use of Nulab’s products and services. In such cases, Nulab shall obtain End User’s consent in advance. Furthermore, Nulab shall take commercially appropriate steps for suspending future communication whenever End User’s consent is not obtained.