February 20, 2023

NEC Corporation and NEC Group companies (hereinafter, “the Company”) shall handle personal data within the Company as described in this document.

1. Controller of Personal Data

Company name: NEC Corporation
Means of contact: Controller dwp@cit.jp.nec.com

2. Purpose of Processing

The purpose(s) of processing your Personal Data is
(1) To internally share information, collaborate, authenticate users, manage access permissions, as well as record and examine availability and usage details, including the content of chats and other communications
(2) To manage all matters concerning information security
(3) To manage projects, communication, cooperation, contract fulfillment, facilities, equipment, and other aspects of the Company’s business
(4) To identify and search for individuals in communications between users of this service
(5) To respond to inquiries and requests
(6) To provide better solutions through activities, including analysis of user needs and development of services
(7) To gain insight into availability and analyze trends
The legal basis for processing your personal data is your freely granted consent to do so through your acceptance of this policy, and if necessary, the Company’s legitimate interest in responding to your requests or in entering a contractual relationship for commercial purposes in the future.

3. Categories of Personal Data

(1) Account information
(2) Name
(3) E-mail address, profile
(4) Image (facial photo, etc.)

4. Parental Consent

If you are under 16 years old, please provide your personal data only after obtaining consent given or authorized by the holder or parental responsibility over you.  

5. Encrypted Communication

This service uses TLS-based encrypted communication to protect personal data.

6. Security of Processing Personal Data

Personal data acquirers will implement appropriate technical and organizational measures to ensure that the level of protection is commensurate with the risk.

7. Overseas Transfer of Personal Data

(1) Third country transfers
Your registered personal data will be transferred to Japan or other third country. (See here for details)

(2) Adequacy decision
Japan has been given an adequacy decision by the European Commission and the United Kingdom that indicates an adequate level of data protection for personal data.

8. The recipients or categories of recipients of the personal data

・Within the scope of the purpose of use, the handling of your personal data may be outsourced to the Company, our partners, cloud service providers and other organizations who have entered into contract with the Company.
・The Company implements security measures to ensure that your personal data is always protected in accordance with applicable regulations.

9. Data subject rights

Data subjects may contact the controller at the aforementioned e-mail address to exercise the following rights with regards to their personal data:

• ・- the right to access, rectify and erase personal data, and restrict processing
• ・- the right to lodge a complaint about the processing of personal data
• ・- the right to data portability, which allows the data subject to obtain their personal data in readable format and reuse it for their own purposes across different services
• ・- the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal
• ・- the right to lodge a complaint with a supervisory authority, if it exists, in the country or region where the data subject resides

10. Statutory or Contractual Requirement Concerning the Provision of Personal Data

Provision of personal data is neither a legal or contractual requirement, nor is it a requirement for the conclusion of a contract. You are under no obligation to provide personal data. If you choose not to provide the data, however, the Company may be unable to respond to your inquiries.

11. International Transfers

(1) Third country transfers
Your registered personal data will be transferred to Japan or other third country.
(2) Adequacy decision
Japan has been given an adequacy decision by the European Commission and the United Kingdom that indicates an adequate level of data protection for personal data

12. Right to Withdraw Consent

Where the processing is based on the data subject's consent, you have the right to withdraw consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.

13. Retention Period

Personal data will be stored for no longer than is necessary for the purposes for which it was intended.

14. Contact Details of the Data Protection Officer/Personal Data Administrator

(1) Title
Digital Workplace Manager, Smart Work DX Center, NEC Corporation
(2) Means of contact: email etc.
dwp-admin@dwp.jp.nec.com

15. The right to submit a complaint at the relevant data protection authority

You have the right to lodge a complaint with the supervisory authority, if it exists, in the country or region that the data subject belongs.

16. The right to object if processed for marketing purposes

You have the right to object (free of charge and at first request) against the intended processing of his/her personal data, if the processing is undertaken for direct marketing purposes.

17. Non-existence of Decision-making Based Solely on Automated Processing

The Company may analyze access logs related to the service, but it will not use personal data for automated decision-making or profiling to analyze personal preferences, behavior, or other aspects of an individual to make predictions or decisions that can have substantial impact on that individual.

18. The right to limit the use of sensitive personal data

We do not collect or process sensitive personal data, thus we do not provide an opt-out.

19. The right to opt-out of sales and sharing of your personal data

We do not sell or share your personal data to third parties, thus we do not provide an opt-out.

20. The right to non-discrimination

You have the right against “retaliation” for asserting the data subject rights, such as denying services, charging different prices or rates or suggesting data subject may receive a different price or rate, providing a different quality of goods or services.

21. Opt-in Right for minors

If under 16 years old, the data subjects can consent to the controller's sales or sharing of their personal information for behavioral advertising.  If declined to provide their information, the controller iss required to wait at least 12 months before approaching the data subject again for consent to sell or share their personal information.