Privacy policy
1. Introduction
Bayspair Inc. (hereinafter referred to as “Company”) complies with the California Consumer Privacy Act, the EU General Data Protection Regulation, related national implementation laws, and other relevant laws concerning personal information protection in handling personal information obtained by the Company. Please read this Privacy Policy carefully before using our services or applying for positions with the Company.
2. Definitions
The terms used in this Privacy Policy are defined as follows:
(1) “Applicable Privacy Laws” refers to the California Consumer Privacy Act, the EU General Data Protection Regulation, related national implementation laws, and other relevant laws concerning personal information protection.
(2) “EU” refers to the European Union, including its Member States, and the European Economic Area (EEA) which includes Iceland, Liechtenstein, and Norway.
(3) “Controller” refers to a natural person, legal entity, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. In this Privacy Policy, it refers to the Company.
(4) “Personal Data” means any information relating to an identified or identifiable individual. An identifiable individual is someone who can be directly or indirectly identified, especially by referring to details such as their name, identification number, location data, or online identifier, or through one or more factors related to their physical, biological, genetic, mental, economic, cultural, or social identity.
(5) “Data Subject” means an identified or identifiable individual whose Personal Data is processed by the Controller.
(6) “Processor” means a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Controller.
(7) “Recipient” means a natural or legal person, public authority, agency, or another body to which Personal Data is disclosed, whether a Third Party or not. However, public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with EU or Member State law shall not be regarded as Recipients. The Processing of that data by those public authorities shall comply with the applicable data protection rules according to the purposes of the Processing.
(8) “Third Party” means a natural or legal person, public authority, agency, or body other than the Data Subject, Controller, Processor, and persons who, under the direct authority of the Controller or Processor, are authorized to process Personal Data.
(9) "Processing" refers to any action or set of actions performed on Personal Data or sets of Personal Data, whether done automatically or not. This includes collecting, recording, organizing, structuring, storing, modifying or altering, retrieving, consulting, using, disclosing by transmission, distribution or otherwise making available, aligning or combining, restricting, erasing, or destroying the data.
(10) “Profiling” means any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to an individual, particularly to analyze or predict aspects concerning that individual's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
(11) “Consent” refers to any voluntary, specific, informed, and unambiguous expression of will by which the Data Subject agrees, through a declaration or a clear affirmative act, that Personal Data concerning them be subject to Processing.
3. Purposes and Legal Basis for Processing Personal Data
(1) The Company processes Personal Data only for the following purposes in accordance with Applicable Privacy Laws. The legal basis for such Personal Data Processing is the performance of contracts, the Company's legitimate interests (conduct of normal business operations), or the Consent of the Data Subject.
(a) Personal information related to customers and business partners
â‘ Implementation of events and projects involving the Company and notification through newsletters, etc.
â‘¡Management of customer and business partner information, Processing of payments and income
â‘¢Business-related communication and contract execution
â‘£Collection of opinions, feedback, and conducting surveys
⑤Responding to inquiries
(b) Personal information of job applicants
â‘ Providing and contacting job applicants with recruitment information
â‘¡Managing recruitment operations within the Company
(c) Personal information related to employees
â‘ Human resources and labor management
â‘¡Payment of wages, salaries, bonuses, etc.
â‘¢Social insurance and tax procedures
â‘£Communication and provision of information to health insurance associations, pension offices, relevant organizations, etc.
⑤Retirement procedures
â‘¥Emergency contact information
⑦Reporting and notifications to the government authorities
⑧Reporting, notifying, and contacting customers and business partners in relation to assigned tasks
⑨Necessary business procedures and communications
(2) The Company obtains Personal Data from the following sources for the purposes of Processing outlined in (1) above:
â‘ Directly from the Data Subject
â‘¡Indirectly from the Data Subject (including cases where the Personal Data of the Data Subject is provided to the Company through the Data Subject's electronic communication devices or internet browsers)
â‘¢Public information
â‘£Social media such as X, LinkedIn, Facebook
⑤Information provided by third parties
(3) The Company may collect the following types of Personal Data for the Processing purposes of Processing outlined in (1) above:
â‘ Name
â‘¡Occupation
â‘¢Home address
â‘£Affiliation (school or workplace) and affiliation address
⑤Location data
â‘¥Email address (personal/business)
⑦Phone number (personal/business)
⑧Online identifiers (IP address, cookie identifiers)
⑨Credit card/bank account information
â‘©Recorded customer call content
⑪Employee performance evaluation records
â‘«Recruitment information (resume, certificates, date of birth, letters of recommendation, etc.)
(4) If the Processing of Personal Data is based on Consent, the Data Subject has the right to withdraw Consent at any time. However, the withdrawal of Consent shall not affect the lawfulness of Processing based on Consent before its withdrawal.
f the Processing of Personal Data is based on Consent, the Data Subject has the right to withdraw Consent at any time. However, the legality of the Processing of Personal Data based on Consent prior to the withdrawal will not be affected by the withdrawal of Consent.
(5) The Company processes Personal Data for specified, explicit, and legitimate purposes mentioned in (1) and does not further process the data in a manner incompatible with those purposes. If the Company intends to process Personal Data collected for one purpose for another purpose, it will always notify the Data Subject. The Company retains Personal Data only as long as necessary to comply with its legal obligations, ensure appropriate service delivery, and maintain its business operations.
(6) The Company ensures that Personal Data processed is adequate, relevant, and limited to what is necessary for the purposes of Processing.
4. Discolure of Personal Information to Third Parties
(1) The Company may share Personal Data with third parties in accordance with Applicable Privacy Laws. When sharing data with data Processors, the Company establishes appropriate legal frameworks governing the transfer and Processing of data.
(2) The Company may share Personal Data with companies providing services such as hosting, maintenance, support services, email services, marketing, customer order response, payment Processing, data analysis, and customer service.
(3) The Company may disclose Personal Data to the minimum extent necessary when required by law, legal proceedings, litigation, or orders or requests from public authorities or government agencies within or outside the Data Subject’s country of residence.
(4) The Company may transfer Personal Data from the EU to countries outside the EU, including Japan and the United States. Personal Data transfers to Japan are based on Japan’s adequacy decision for cross-border data transfers. Personal Data transfers to third countries outside Japan and the EU (excluding countries/regions with adequacy decisions) will be made through the implementation of Standard Contractual Clauses approved by the European Commission.
5. Data Security Management
As the data Controller, the Company implements adequate technical and organizational security measures for Personal Data protection. If Data Subjects have concerns about specific data transfer methods, the Company will take appropriate alternative measures.
6. Data Deletion
Unless a longer retention period is required by law, the Company will delete or dispose of Personal Data when it is no longer necessary for the purposes for which it was processed, using necessary and appropriate methods to prevent external breaches and other risks.
7. Cookies
(1) The Company uses cookies to ensure the proper functioning of its website.
(2) Cookies are small pieces of information stored on the user’s computer by the browser. The Company uses functional cookies necessary for its website to function correctly and analytical cookies to obtain information about the user’s use of the website and improve it.
(3) Data Subjects can disable cookies at any time through their internet browser settings. Default cookies can also be deleted at any time through the internet browser or other software programs. However, disabling cookies in the internet browser may affect the full functionality of the Company’s website.
8. Use of Google Analytics
(1) The Company’s website uses Google Analytics, an access analysis tool by Google. Google Analytics uses cookies for data collection. This data is collected anonymously and does not identify individual Data Subjects.
(2) The user can refuse data collection by disabling cookies in the browser settings. Please check your browser settings. For details about these terms, please refer to the Google Analytics Terms of Service page and Google’s Policy and Terms page.
9. Rights of Data Subjects
Under Applicable Privacy Laws, Data Subjects have the following rights. To assert these rights, Data Subjects can contact our appointed Data Protection Officer (DPO) at any time:
(1) Right to Information: The right to obtain all necessary information from the Company about its data Processing related to the Data Subject.
(2) Right of Access: The right to request access to Personal Data being processed and obtain a copy of the Personal Data.
(3) Right to Rectification: The right to request the rectification of inaccurate Personal Data.
(4) Right to Erasure: The right to have Personal Data erased by the Controller without undue delay in certain cases.
(5) Right to Restriction of Processing: In certain cases, the right to request the restriction of Personal Data Processing.
(6) Right to Notification Regarding Rectification, Erasure, or Processing Restriction: In cases (3) through (5), the Controller shall communicate any rectification, erasure, or Processing restriction to Recipients and notify the Data Subject about those Recipients if requested.
(7) Right to Data Portability: The right to receive Personal Data in a structured, commonly used, and machine-readable format, and the right to transmit that data to another Controller without hindrance from the Controller to which the Personal Data was provided.
(8) Right to Object: The right to object to Processing of Personal Data based on the necessity for legitimate interests pursued by the Controller or Third Party.
(9) Right Not to Be Subject to Automated Processing: The right not to be subject to decisions based solely on automated Processing, including Profiling, which produce legal effects or similarly significantly impacts.
(10) Right to Lodge a Complaint with a Supervisory Authority: The right to a complaint if you believe your Personal Data has been processed in a way that violates the Applicable Privacy Laws.
(11) Right to Opt-out of Sale or Sharing: The right to request that the Company should cease the sale and/or sharing of your Personal Data.
(12) Right to Limit Use and Disclosure of Sensitive Personal Information: The right to direct the Company to use your sensitive personal information only for limited purposes.
(13) Right to Non-discrimination: The right not to be subject to discrimination for exercising your rights.
10. Contact Information for Complaints and Inquiries
(1) If you have questions or complaints, or wish to exercise your rights described in Section 9 of this Privacy Policy, please contact us at:
Bayspair Inc.
11. Data Concerning Minors
The Company does not knowingly process Personal Data relating to minors without parental Consent. If we discover that we have processed Personal Data of minors, we will take measures to delete the Personal Data as quickly as possible. If you become aware that a minor has provided Personal Data to us, please contact us immediately using the contact information provided in this Privacy Policy.
12. Links to Other Websites
The Company may suggest hypertext links from its website to Third Party websites or internet sources. We do not control and cannot be responsible for third parties' actual handling and content regarding Personal Data protection. Please carefully read their Personal Data protection policies and verify how these third parties process your Personal Data.
13. Revision of this Privacy Policy
This Privacy Policy was last revised on February 1, 2025. The Company may modify this Privacy Policy based on Applicable Privacy Laws or Company policies.