Global Privacy Policy | OM Digital Solutions Corporation

OM Digital Solutions Global Privacy Policy

OMCo., Group Digital Solutions Ltd. and its Companies (Please refer to Article 7(2). ; hereinafter referred to as "the Company" ) complies with the Act on the Protection of Personal Information of Japan (hereinafter referred to as "APPI"), the EU General Data Protection Regulation No. 2016/679 (hereinafter referred to as "GDPR"), the Personal Information Protection Law of the People's Republic of China (hereinafter referred to as "PIPL"), the California Consumer Privacy Act (hereinafter referred to as "CCPA"),and other applicable data protection laws and regulations (hereinafter collectively referred to as the "Applicable Laws") and hereby establishes this OM Digital Solutions Global Privacy Policy (hereinafter referred to as the "Policy") regarding the handling of personal information of customers, business partners, employees, and others (hereinafter collectively referred to as "Customers, etc.") as follows.
Please note that regarding the handling of personal information of residents of the State of California, U.S.A., and residents of China, as well as the handling of personal information in China, the attached supplementary provisions shall apply in addition to this Policy (Main Provisions).

Article 1 (Definitions)

The meanings of terms used in this Policy shall be as defined individually within each provision, as well as as set forth in the following items.

Customer: An individual who uses our products or services (including existing and potential customers).
Business Partner: Officers, employees, and sole proprietors belonging to corporations or organizations that have a business relationship with the Company, such as suppliers, contractors, sales agents, partners, and external experts
Employees, etc.: Current officers and employees of our company, candidates who have applied for employment, and former officers and employees

Article 2 (Types of Personal Information Collected)

To the extent necessary to achieve the purposes of use specified in Article 3 (Purposes of Use of Personal Information and Legal Basis for Handling), we may collect and use the following types of personal information regarding customers and others.

1. Information Regarding Customers

Identification and Contact Information: Identification and contact information, such as name, address, telephone number, email address, date of birth, gender, account information (ID, password), and product registration information
Transaction and Contract Information: Transaction and Contract Information: E-commerce purchase information, repair request details, repair history, inquiry history, campaign entry information, etc.
Technical Information and Online Activity Information: Technical Information and Online Activity Information: IP address, device type, cookie data, website browsing history, app usage history, camera log data, etc.
Audio and visual information: Voice recordings from inquiries, photos taken during event participation, and image information including facial features (limited to cases where sharing of photo data with us has been enabled in our smartphone app "OI.Share")
Social media service-related information: Social media service-related information, such as information posted by you via social media services (Facebook, Instagram, X (formerly Twitter), TikTok, WeChat, Weibo, etc.; the same applies hereinafter), IDs, and account information
Other: Other information regarding you

2. Information regarding business partners

Information regarding business partners, such as names, company names, departments, job titles, contact information (including email addresses and phone numbers), and account information when using our systems

3. Information Regarding Employees, etc.

Basic Identification Information: Basic identification information such as name, date of birth, address, telephone number, photograph, employee ID number, passport number, status of residence information, and My Number
Human Resources and Labor Information: Human resources and labor information, including employment status, department, job title, performance evaluation records, salary and bonus calculation results, attendance records, training participation records, and retirement-related documents
Social Security and Tax-Related Information: Social Security and Tax-Related Information: Basic Pension Number, various insurer and insured person numbers, bank account information, pension-related information, social insurance and employment insurance information, income tax and resident tax-related information, etc.
Job Candidate Information: Recruitment candidate information, including application documents, resumes and work histories, graduation certificates, interview records, aptitude test records, expense reimbursement accounts, and job offer letters
Health and Labor Management Information: Health and labor management-related information, such as health information (health examination data, high-cost medical expense statements, medical certificates, occupational physician's opinions, and disability information) and labor management records (labor issue records and obituary information)
System Usage Information: System usage information, such as account information regarding the use of our systems and business email data
Other: Other information regarding employees, etc.

Article 3 (Purposes of Use of Personal Information and Legal Basis for Handling)

We collect and handle personal information for the purposes listed below based on the consent of customers, the performance of contracts, or our legitimate interests. Note that the use of personal information for the purposes listed below includes cases where such use is conducted through analysis.

Purposes of Use of Information Regarding Customers

Provision, delivery, and shipment of our products and services; related after-sales service; registration for services; identity verification and authentication; account management; billing for products, services, and various other services; and payment processing
Marketing of our and third-party services and products (including affiliate advertising; the same applies hereinafter), surveys and analyses for marketing purposes (including statistical analysis), consideration and implementation of marketing initiatives, notification, implementation, and operational management of campaigns, prize promotions, events, exhibitions, seminars, etc., questionnaire surveys, promotions, and advertising
Prevention of fraudulent activities, response to system failures, and ensuring security
Planning, research, and development of products and services; quality improvement
Ensuring compliance; provision to third parties in accordance with the methods described in Article 4 (Provision of Personal Information)
Responding to various inquiries and requests for materials, and maintaining records thereof
Investigations and record-keeping based on laws and regulations, as well as notifications and reports to government agencies

Purposes of Use of Information Regarding Business Partners

Contract negotiations, conclusion, and performance Business communications, access management, management of business partner information, and the implementation of and communication regarding business negotiations, meetings, events, and briefings
Announcements, implementation, and operational management of events, exhibitions, seminars, etc.; surveys; promotions and advertising
Prevention of fraudulent activities, response to system failures, and ensuring security
Access control and history management for facilities managed by the Company
Ensuring compliance; provision to third parties in accordance with the methods described in Article 4 (Provision of Personal Information)
Responding to various inquiries and requests for materials, and maintaining records thereof
Investigations and record-keeping based on laws and regulations, as well as notifications and reports to government agencies

Purposes of Use of Information Regarding Employees, etc.

Employee management
Recruitment activities
Business-related communication and various procedures
Human Resources and Labor Management
Liaison with health insurance associations, corporate pension funds, and labor unions
Prevention of misconduct, response to system failures, and ensuring security
Ensuring compliance; disclosure to third parties in accordance with the methods described in Article 4 (Provision of Personal Information)
Investigations, record-keeping, and notifications and reports to government agencies as required by laws and regulations

Article 4 (Provision of Personal Information)

Except as permitted under applicable laws and regulations, we will provide personal information to the recipients specified below. Our current or future parent companies, subsidiaries, and affiliated companies

Service providers to the Company (including, but not limited to, credit card payment processors)
Third parties who have obtained the consent or instruction of customers, etc.
Public authorities (limited to cases permitted under applicable laws and regulations)

Article 5 (Sources of Personal Information)

We primarily collect personal information directly from customers and others. In addition, we may collect personal information from customers and others through various internet marketing channels, social media services, service providers and vendors providing services to us, as well as our current or future parent companies, subsidiaries, and affiliates.

Article 6 (Entrustment of Personal Information Handling)

We may entrust the handling of customers' personal information to third parties to the extent necessary to achieve the purposes of use set forth in Article 3 (Purposes of Use and Legal Basis for Handling Personal Information).
In such cases, the Company will enter into a contract with the entrusted party regarding the protection of personal information, exercise necessary and appropriate supervision to ensure that appropriate security measures are taken in accordance with applicable laws and regulations and the Company's standards, and, upon termination of the entrustment, take appropriate measures such as retrieving, disposing of, or deleting the relevant personal information from the entrusted party.

Article 7 (Joint Use)

In accordance with the APPI, we with our business locations and group companiesmay share customers' personal information as follows:

Shared Use with Our Offices and Group Companies

(1) Items of Personal Information Subject to Joint Use
As described in Article 2 (Types of Personal Information Collected).
(2) Scope of Parties Engaged in Joint Use
Our offices and group companies (Please check the URL below for details.)
Website: https://www.om-digitalsolutions.com/en/company/profile/
(3) Purpose of Use by Parties Sharing the Information
As described in Article 3 (Purpose of Use of Personal Information and Legal Basis for Handling).
(4) Data Controller for Joint Use
Our Company (Please see the URL below for details.)
Website: https://www.om-digitalsolutions.com/en/company/profile/

Article 8 (Transfer of Personal Information to Businesses in Third Countries)

We may transfer your personal information to a third country outside the country where you reside (or, for customers residing within the EEA, outside the EEA) (hereinafter referred to as "transfer outside the EEA"). Some of these countries may have lower standards of personal information protection compared to the laws and regulations applicable in the country where you reside.
When transferring customers' personal information to such countries, we will, in accordance with applicable laws and regulations, obtain consent from customers as necessary, implement appropriate transfer safeguards such as entering into contracts with the recipients of the personal information, identify the risks associated with cross-border transfers, and conduct a data protection impact assessment necessary to mitigate such risks. If you wish to obtain more specific information regarding these measures, please contact us using the contact information provided in Article 17 (Contact Information).

Article 9 (Security Measures)

We strive to appropriately maintain organizational, technical, and physical security measures to protect the personal information we handle. These measures protect personal information from anticipated threats and risks, as well as unauthorized access and misuse.Furthermore, we strive to ensure appropriate security commensurate with the level of confidentiality of the personal information we handle. In particular, we take the utmost care to protect highly confidential personal information—such as payment information—which could cause significant damage or disadvantage if disclosed to third parties.

Article 10 (Retention Period for Personal Information)

We retain your personal information only for as long as necessary to provide the products, services, or programs you have requested; to maintain the performance of these offerings; to make business decisions (including those based on information regarding new features or products); to comply with legal obligations; to resolve disputes; and to achieve other business objectives that are essential to our operations. If we no longer have a legitimate business need to process your personal information, we will take appropriate measures, such as deleting or anonymizing such information, in accordance with applicable laws and regulations.
The primary criteria we consider when determining the retention period for personal information are as follows:

Whether a continuing relationship exists between us and you
Whether we have a legal obligation to protect the personal information
Whether we need to fulfill a contract with you
Whether retention is necessary based on our legal position (e.g., applicable statutes of limitations, litigation, regulatory investigations, etc.)

Article 11 (Handling of Children's Personal Information)

We will not intentionally collect or process personal information regarding customers under the age at which consent from a parent or guardian is required by applicable laws and regulations without such consent.When collecting or processing such personal information, if required by applicable laws and regulations, we will notify the parent or guardian in advance by appropriate means and obtain the necessary consent. Furthermore, if we discover that consent from a parent or guardian has not been obtained, or if we become aware that we have collected or processed personal information in a manner that violates applicable laws and regulations, we will promptly delete such personal information or take other appropriate measures.

Article 12 (Rights Regarding Disclosure, Correction, Addition, and Deletion of Personal Information)

Customers and others may have the following rights regarding personal information in accordance with applicable laws and regulations.

(1) (Right to Request Access to Personal Information (including records of provision to third parties) and to Receive Copies)
(2) The right to request correction of personal information
(3) The right to request the deletion of personal information (the right to be forgotten)
(4) The right to request restriction of the handling of personal information (suspension of processing)
(5) The right to receive personal information in a structured, machine-readable format (right to data portability)

These rights may be restricted in cases where the requested action could infringe upon the rights of the Company or a third party, or where a request for deletion is made regarding information that the Company is required to retain under applicable laws and regulations, or in other cases falling under the exceptions specified in applicable laws and regulations.
To exercise these rights, please contact us by mailing a document to the address listed in Article 17 (Contact Information) or by sending an email to the designated email address.

Article 13 (Right to File Objections or Complaints Regarding the Handling of Personal Information)

You may have the right to file a complaint with us regarding our handling of personal information in accordance with applicable laws and regulations.
In addition, you may have the right to object at any time, in accordance with applicable laws, to our processing of personal information where we rely on our legitimate interests as the legal basis for such processing. The processing of personal information referred to here includes profiling (which means analyzing and predicting behavior based on your information; the same applies hereinafter).
Furthermore, if personal information is being processed for direct marketing purposes, you may have an absolute right under applicable laws to request the cessation of direct marketing or the cessation of profiling conducted for such purposes.
To exercise these rights, please contact us by mailing a written notice to the address listed in Article 17 (Contact Information) or by sending an email to the designated email address.

Article 14 (Right to Withdraw Consent)

If we are handling your personal information based on your consent, you may have the right to withdraw that consent within the scope of applicable laws. Please note that withdrawing consent does not affect the lawfulness of the processing of personal information carried out based on consent prior to withdrawal.
To exercise this right, please contact us using the contact information listed in Article 17 (Contact Information).

Article 15 (Consequences of Not Providing Personal Information)

You are under no obligation to provide personal information to us. However, depending on the specific information, failure to provide it may prevent you from using our services, conducting transactions with us, or completing employment procedures.

Article 16 (Right to File a Complaint with a Supervisory Authority)

You may have the right to lodge a complaint with a supervisory authority in accordance with applicable laws. The supervisory authorities to which you may lodge a complaint may include those in the EU member state where you reside or work, where the alleged GDPR violation occurred, or the supervisory authority in the United Kingdom.

Article 17 (Contact Information)

For inquiries regarding our handling of personal information, please contact the following office.

Inquiries from North, Central, and South America: Address: OMDS Data Privacy, OM Digital Solutions Americas, Inc.
email@om-digitalsolutions.com
(Please check the URL below for details.)
Website: https://www.om-digitalsolutions.com/en/support-launchinfo.html
Inquiries from Europe, the Middle East, and Africa: Address: Data Protection, OM Digital Solutions GmbH
data-protection@om-digitalsolutions.com
(Please check the URL below for details.)
Website: https://contact-support.explore.omsystem.com/hc/en-us/requests/new
Inquiries from Asia (including mainland China): Recipient: Data Protection
(Please check the URL below for details.)
Website: https://www.om-digitalsolutions.com/ja/common/support-launchinfo.html
[" Inquiries regarding personal data "]
Inquiries from China via: Attn: OM Digital Solutions China
(Please check the URL below for details.)
Website: https://om-digitalsolutions.cn/support/contactus.php
[" Shanghai Customer Service Center" ]

Article 18 (Use of Google Analytics)

We may use Google Analytics provided by Google in this Service and individual services. Google Analytics uses cookies to collect information about you and others. Information collected by Google Analytics is managed by Google in accordance with its Terms of Service and Privacy Policy below. For details on how Google Analytics collects and processes data, please refer to "How Google uses information from sites and apps that use our services" below.Additionally, if you wish to opt out of information collection via Google Analytics on our website, you can stop the collection of information using the "Google Analytics Opt-out Add-on" feature described at web sites of Google Analytics

Supplementary Provisions: Special Provisions Regarding the Handling of Personal Information of Residents of the State of California

With regard to the handling of personal information of residents of the State of California, U.S.A. (meaning information that can directly or indirectly identify, relate to, describe, refer to, or associate with a particular consumer or household, or that can reasonably be linked to such a consumer or household; the same applies throughout this Supplement), this Supplement applies in addition to the provisions of the above Policy (Main Provisions), in accordance with the provisions of the CCPA.

Article 1 (Categories of Personal Information Collected by the Company and Recipients)

We have collected the categories of personal information listed in the table below from customers and others over the past 12 months, and we will continue to collect such categories of personal information in the future.
For specific details regarding the types of personal information we collect, please refer to Article 2 (Types of Personal Information Collected) of the Main Provisions.

Category
Identifiers
Categories of Personal Information Listed in the California Customer Records Act (Cal. Civ. Code § 1798.80(e))
Protected classification characteristics under California or federal law
Information regarding activities on the Internet or other electronic networks
Audio, electronic, visual, thermal, olfactory, and similar information
Sensitive personal information

Regarding the categories of personal information listed in the table above, please refer to Article 4 (Disclosure of Personal Information) of these Principles for information on the recipients to whom we disclose such personal information to third parties, Article 5 (Sources of Personal Information) for the sources from which we collected such personal information, and Article 10 (Retention Period for Personal Information) for the retention period of the personal information we have collected.

Article 2 (Rights Under the CCPA)

California residents are granted certain rights regarding personal information under the CCPA. Below, we explain the rights you may exercise under the CCPA and how to exercise them.

Right to Request Disclosure of Personal Information

You have the right to request the disclosure of specific information regarding your personal information that we have collected, shared, disclosed, or used. Upon receipt of a verifiable request from you, we will disclose some or all of the following information:

The categories of personal information we have collected about you
The categories of sources from which we collected the personal information
The business or commercial purposes for which we collect, sell, or share personal information
Categories of third parties to whom we sell or share personal information
The categories of personal information we have sold, and the types of recipients for each category of personal information sold
Categories of personal information we have disclosed for business or commercial purposes, and the types of recipients for each category of personal information disclosed
The specific personal information we have collected about you

To submit a disclosure request, please contact us via email at email@om-digitalsolutions.com .

Right to Request Deletion of Personal Information

You have the right to request the deletion of your personal information collected and retained by us, subject to certain exceptions. Upon receipt of a verifiable request, we will delete your personal information from our records and instruct our service providers to do the same, unless the request falls under an exception set forth in the CCPA.

Right to Request Correction of Personal Information

You have the right to request the correction of inaccurate personal information about you that we have collected and retained. Upon receipt of a verifiable request, we will correct any inaccurate personal information about you in our records and instruct our service providers to do the same. However, we may refuse a request for correction if we determine, based on a comprehensive assessment of the circumstances, that the personal information is likely to be accurate.
To request a correction of your personal information, please contact us via email at email@om-digitalsolutions.com .

Right to Opt Out of the Sale or Sharing of Personal Information

We have not sold or shared any personal information collected from you or others in the past 12 months, and we do not intend to do so in the future.

Right to Request Restriction of Use of Sensitive Personal Information

We will not use or disclose sensitive personal information collected from you for any purpose other than the following:

To provide goods and services that the average consumer reasonably expects
To help ensure security and integrity
For short-term, temporary use (excluding profiling or changes to future consumer experiences)
To provide services on our behalf
To maintain or improve the quality and safety of our services and devices

Right to Non-Discrimination

We will not discriminate against you or others on the basis of your exercise of rights under the CCPA. Furthermore, except as expressly permitted by the CCPA, we will not:

Refusing to provide goods or services to you
Charging different prices or fees for goods or services, including the granting of discounts or other benefits, or the imposition of penalties
Providing goods or services of different levels or quality
Charging different prices or fees, or implying the provision of goods or services of different levels or quality
Taking retaliatory action against customers, employees, job applicants, or others

How to Exercise Your Rights Under the CCPA

As noted above, to exercise your rights to access, delete, or correct your personal information under the CCPA, please send a verifiable request via email to email@om-digitalsolutions.com .
Only you, or a person registered with the California Secretary of State whom you have authorized to act on your behalf, may submit a verifiable request regarding your personal information. You may also submit a verifiable request on behalf of a minor child.
You must: (1) provide sufficient information to allow us to reasonably verify that you are the individual from whom we collected the personal information or their authorized agent; and (2) describe your request in sufficient detail to allow us to properly understand, evaluate, and respond to it.

Supplementary Provisions: Special Rules Regarding the Handling of Personal Information Subject to Chinese Law

The following are special provisions applicable to the handling of personal information subject to the Personal Information Protection Law of China (hereinafter referred to as "PIPL") by OM Digital Solutions China (hereinafter collectively referred to as "the Company" in these Special Provisions). In the event of any conflict between these Special Provisions and the provisions in the main text, the provisions of these Special Provisions shall prevail; matters not specified in these Special Provisions shall be governed by the provisions in the main text.

Article 1 (Obtaining Consent)

When the Company handles personal information, it shall obtain consent from customers and others.
Notwithstanding the preceding paragraph, the Company may handle personal information without obtaining consent from customers, etc., in the following cases:
- (1)When necessary for the conclusion or performance of a contract to which the customer or other party is a party;
- (2)When necessary to implement human resource management in accordance with internal regulations established under the law and collective agreements concluded under the law;
- (3)Where it is related to the fulfillment of duties or obligations prescribed by law;
- (4)Where it is directly related to national security or defense security;
- (5)Where it is directly related to public safety, public health, or significant public interests;
- (6)Where it is directly related to criminal investigations, prosecutions, trials, or the enforcement of judgments;
- (7)When it is necessary to protect the vital legitimate interests (such as life or property) of customers or other individuals, but it is difficult to obtain the consent of such customers;
- (8)Where the personal information being handled has been disclosed by the customer or other individual themselves;
- (9)Where the personal information of customers, etc. has been collected from information lawfully disclosed;

Article 2 (Acquisition of Personal Information)

When acquiring personal information, the Company shall do so by lawful and appropriate means, and shall acquire only the minimum amount of information directly related to the purpose of handling such personal information.
Except where such personal information is indispensable for the provision of our products or services, we shall not refuse to provide products or services on the grounds that you have not consented to the handling of your personal information.

Article 3 (Principles Regarding the Use of Personal Information)

Except as permitted by law, we will not handle personal information beyond the scope of the purposes of use and other matters specified in these Principles without obtaining the consent of our customers and other relevant parties.
If there are any changes to the purposes of handling personal information, we will notify customers individually and obtain their consent again.

Article 4 (Handling of Sensitive Personal Information)

The Company handles the following types of sensitive personal information, and shall obtain individual consent from customers and others when handling any other types of sensitive personal information.

Attributes	Type of Sensitive Personal Information	Necessity of Handling	Impact on Individual Rights and Interests
Information Regarding Employees	Bank account information Occupational status information, etc.	Payroll processing and ,employee management etc.	We may be unable to provide services using this information.

Article 5 (Outsourcing of Personal Information Handling)

In the event that we outsource all or part of the handling of personal information to a company, organization, or individual other than our company (hereinafter collectively referred to as "Third Parties"), we shall enter into an agreement with the contractor regarding the purpose, scope, methods of processing, and data security measures, and shall clearly define the responsibilities and obligations regarding data security.
We shall appropriately supervise the handling of personal information by the entrusted party.

Article 6 (Provision of Personal Information to Third Parties)

We may provide personal information handled by us to third partiesto third parties. When providing personal information , we will obtain separate consent from customers and others.

Article 7 (Cross-Border Transfer of Personal Information)

We may transfer the personal information we handle to the third parties located outside Japan listed below. If we transfer personal information to parties other than those listed below, we will obtain separate consent from you or other relevant parties.

Name of Third Party	Contact Information	Personal Information to Be Provided	Purpose of Use
OM Digital Solutions China	As stated in Article 17	Technical Information and Online Activity Information Technical information and online activity information, such as IP addresses, device types, cookie data, website browsing history, app usage history, and camera log data	Marketing of our and third-party services and products, surveys and analyses for marketing purposes, Ensuring security Planning, research, and development of products and services, and quality improvement

[When providing customers' personal information to third parties outside Japan, we shall implement appropriate personal information protection measures to ensure that the personal information protection standards of such third parties meet the standards prescribed by law.

When the Company provides personal information across national borders, the Company shall implement one of the following measures:

(1) Personal information protection certification by a specialized agency designated by the National Network Information Department;
(2) Conclusion of a standard contract with the recipient of the personal information.

If you wish to exercise your rights against a recipient outside of Japan, please contact the inquiry point specified in Article 9 of these Special Provisions.

Article 8 (Exercise of Rights)

Pursuant to the PIPL and relevant laws and regulations, you have the following rights regarding the personal information we collect and process about you. You may exercise these rights with respect to your personal information by contacting the inquiry point specified in the following article.

(1) The right to confirm the status of the handling of personal information
(2) The right to request access to and a copy of personal information
(3) The right to request the correction and supplementation of personal information
(4) The right to request the deletion of personal information
(5) The right to withdraw consent (provided, however, that such a request for withdrawal shall not affect the lawfulness of the processing of personal information carried out prior to the withdrawal of consent)
(6) Other rights as a data subject under the PIPL and related laws and regulations

Article 9 (Contact Information)

Please refer to Article 17 the main text.of