GMO REGISTRY

Privacy Policy

1. Introduction

GMO Registry, Inc. (“we”, “our,” or “us”), as an Internet domain name registry businesses company, processes the personal data of persons in the EU and the UK in accordance with the General Data Protection Regulation (effective on May 25, 2018) prescribed by the European Commission (EU GDPR) and the UK GDPR, which was adopted in the United Kingdom with effect from 1 January 2021. GMO Brand Security, Inc. is the controller of your personal data and responsible for it.

This privacy policy aims to provide information on how we collect and process personal data through your use of this website, including any data you may provide through this website when you use our service (“Service”) or sign up for our marketing materials or newsletters.

2. The types of data we collect

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity Data includes [first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender].
Contact Data includes [billing address, delivery address, email address and telephone numbers].
Financial Data includes [bank account and payment card details].
Transaction Data includes [details about payments to and from you and other details of products and services you have purchased from us].
Technical Data includes [internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website].
Profile Data includes [your username and password, purchases or orders made by you, [your interests, preferences, feedback and survey responses]].
Usage Data includes [information about how you use our website, products and services].
Marketing and Communications Data includes [your preferences in receiving marketing from us and our third parties and your communication preferences].

[We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.]

OR

[In principle, in order to conduct various procedures concerning the Services we provide, we may collect [describe types of special category data involved] for the purpose of [describe why data is collected and used]. When we do this we will obtain your explicit prior consent.]

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with Services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.

3. How we collect your data

We use different methods to collect data from and about you including through:

•Direct interactions. You may give us your [Identity, Contact and Financial Data] by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you [DELETE OR ADD TO THIS LIST AS APPROPRIATE]:

  1. apply for our Services;
  2. contact us regarding quotations, estimates, billing and other transactions
  3. make or respond to a customer service or other enquiry;
  4. create an account on our website;
  5. subscribe to our Service or publications;
  6. request marketing to be sent to you;
  7. receive notice of or apply to attend our services/seminars/exhibitions
  8. enter a competition, promotion or survey; or
  9. give us feedback or contact us.

•Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, [server logs] and other similar technologies. [We may also receive Technical Data about you if you visit other websites employing our cookies.] [Please see [item [ ] below] [our cookie policy [LINK]] for further details.]

•Third parties or publicly available sources. We will receive personal data about you from various third parties [and public sources] as set out below [DELETE OR ADD TO THIS LIST AS APPROPRIATE]:

•Technical Data from the following parties:
  1. (a)analytics providers [such as Google based outside the UK];
  2. (b)advertising networks [such as [NAME] based [inside OR outside] the UK and EU]; and
  3. (c)search information providers [such as [NAME] based [inside OR outside] the UK and EU].

•Contact, Financial and Transaction Data from providers of technical, payment and delivery services [such as [NAME] based [inside OR outside] the UK and EU].

•Identity and Contact Data from data brokers or aggregators [such as [NAME] based [inside OR outside] the UK and EU].

•[ANY OTHER WAYS YOU COLLECT PERSONAL DATA].

4. How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

•Where we need to perform the contract we are about to enter into or have entered into with you.

•Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

•Where we need to comply with a legal obligation.

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

Further explanation of these lawful bases are as follows:

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.

We use personal information to the extent necessary to achieve the following usage purposes. The lawful basis under the GDPR on which we use your data is also specified.

1) Service (Legitimate interests)
  1. To provide assistance to companies applying for new top level domains
  2. To develop and operate registry system and services
  3. To provide sales promotion support, billing, authorisation, and other such services
2) Contracts
We use personal data to the extent necessary to achieve the following objectives:
  1. To communicate in regard to a service agreement (Performance of a contract)
  2. To respond to a request for information (Performance of a contract)
  3. To send out announcements regarding seminars (Legitimate interests)
  4. To send out announcements regarding the usage of contractors, and to send out documents as required (Performance of a contract)
3) Registry Business (Performance of a contract, Legitimate interests)
We use personal data to the extent necessary to achieve the following registry business purposes:
  1. To validate or authenticate applications for domain registration
  2. To manage domain name registration information
  3. To use domain name registration services
  4. To resolve network operation or domain registration technical issues
  5. To operate the domain name DNS (Domain Name System)
  6. As domain registration information to be published on Whois in accordance with ICANN contract
4) To solicit feedback or alert our customers to new features in our products that we think may be of interest (Legitimate interests)
5) Customer Support (Performance of a contract, Legitimate interests)
  1. To answer the email we receive and to communicate with our customers regarding the service we provide.
6) Market Research (Legitimate interests)
  1. For the purpose of analysis and to conduct surveys with the objective of improving this service and other services provided by us and affiliated companies
7) Service Development (Legitimate interests)
  1. New service development
  2. Service improvement
  3. System development, maintenance, and operation
8) Accounting (Legitimate interests, Performance of a contract, Compliance with legal obligation)
  1. For tax accounting, accounting, and billing relating to the provision of this and other services.
9) Business management (Legitimate interests, Compliance with a legal obligation)
  1. As data for business analysis, and usage in analysis results data
  2. Responding to disclosure request in accordance with Personal Information Protection Laws, and the personal information handling audit
10) Others
  1. Will disclose information when related to users of our service upon request from domestic or foreign public institutions. (Compliance with a legal obligation)
  2. When a user makes a request for information, GMO Registry provides information after having confirmed the identity of the user. (Legitimate interests, Performance of a contract)

5. Rights of Customers and Other Subjects Concerned

Each customer or the other subject concerned has the following rights regarding EU and UK personal data about himself or herself.
  1. (1) Right to access to his or her own EU and UK personal data and other information relating to his or her personal data
  2. (2) Right to rectify inaccuracies of his or her EU and UK personal data without undue delay
  3. (3)Right to erase his or her EU and UK personal data without undue delay
  4. (4) Right to restrict processing of his or her EU and UK personal data
  5. (5) Right to receive EU and UK personal data provided by customers or other concerned subjects by himself or herself in a general format that is readable on computers, and right to transfer (i.e. data portability) the EU and UK personal data to other organizations in order for them to manage without hindering transferring process
  6. (6) Right to object to legitimate interest processing; and processing for direct marketing purposes
  7. (7) Right not to be subjected to assessments conducted or decisions made through automatic processing such as profiling that have serious impact including legal effects on individuals
  8. (8) Right to lodge a complaint with a supervisory authority

See paragraph 13 below for details of how to exercise these rights.

Marketing
  1. We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
Promotional offers
  1. We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
    You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving that marketing.
Third party marketing
  1. We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Opting out
  1. You can ask us or third parties to stop sending you marketing messages at any time [by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences OR by following the opt-out links on any marketing message sent to you OR by contacting us at any time].
Change of purpose
  1. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
    If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
    Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

6. Safeguards

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

7. Disclosures of your personal data

We may share your personal data with the parties set out below for the purposes set out above.

•Other companies in our GMO group (Refers to affiliate companies listed in https://www.gmo.jp/company-profile/groupinfo/). The personal data shared are name, address, email address, phone number, gender, date of birth, background, contract details and any other items necessary for the purposes for which GMO uses personal data. The purpose of use is defined by the scope of “Purpose of Use of Personal Information” specified by GMO Internet Group, Inc., and GMO Internet Group companies, and is common to all shared users. Principally the shared use is in order to promote activities such as service development and service guidance; and communication with customers and other data subjects concerned. Shared use is supervised by Chief Administrator, GMO Internet Group, Inc. (Representative, Representative Director, Group Representative, Masatoshi Kumagai)

•Outsourced service providers acting as processors who provide cloud services, IT system administration and data escrow services.

•Professional advisers including lawyers, bankers, auditors and insurers based in the UK, EU and Japan who provide [consultancy, banking, legal, insurance and accounting services].

•Regulators and other authorities based in the United Kingdom and EU who require reporting of processing activities in certain circumstances.

•Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

8. International Transfer of EU and UK Personal Data

Whenever we transfer your personal data out of the UK or the European Economic Area, we ensure a similar degree of protection is afforded to it as under the GDPR by ensuring the following safeguards are implemented:

•We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data. Japan has been recognised and determined as a country providing adequate data protection by the European Commission and the UK Government, and we manage EU and UK personal data of customers and other subjects concerned appropriately.

9. Archiving, Deletion, Disposal of EU and UK personal data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

After the defined retention period has expired or the purpose of use has been achieved, we delete EU and UK personal data of customers and other subjects concerned without delay.
[In some circumstances we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.]

10. About Cookies and Other Similar Technologies.

We use cookies on this site with a view to increasing its usability. When you re-visit this site, cookies are used for, for example, user tracking, re-targeting advertisements, affiliate advertising and retaining login information of registered users, and users can view this site more convenient.

A cookie is a small file used to transmit information from this site to your browser. When you, as a customer or other visitor, visit this site again, the cookie helps you to use this site more conveniently and is stored in your personal computers/devices.

The stored information does not include information such as your name, your residential address, your phone number and your email address which can be used to identify an individual.

Cookie does not also have negative effects on your computers/devices.

Cookie information that is collected from customers and other visitors will be transmitted to and stored in servers at Google LLC, Adobe Systems Incorporated and some other entities from our web servers.

We also obtain statistical data concerning access information such as the number of accesses and stay period for this site from stored data by using Google Analytics service, Adobe Analytics that is provided by Adobe Systems Incorporated and some other services.

It is possible to block cookie, if you, as a customer or other visitor, change the setting of your web-browser. In such cases, you will not have a trouble viewing this site except for some functions. Please make contact with the developer and/or distributor of the web-browser that you are using for its setting procedure.

11. Group-wide Data Protection Officer and Group-wide Representative for EU and UK Personal Data

<Group-wide Data Protection Officer for EU and UK Personal Data (G-DPO)>
GMO Internet Group, Inc.,
Cerulean Tower 4-14F, 26-1 Sakuragaokacho, Shibuya ku, Tokyo, 150-8512 , Japan.
Email address: [email protected]

<Group-wide Representative for EU Personal Data>
JANSON BAUGNIET CVBA
Congreslaan 27
B-9000 Ghent
BELGIUM
Sandling Road, Maidstone, Kent
ME14 2LP, United Kingdom
Email address: [email protected]

<Group-wide Representative for UK Personal Data>
Shakespeare Martineau
60 Gracechurch Street
London EC3V 0HR
DX 700 London City
Email address: [email protected]

12. Claims and Inquiries

For inquiries regarding this privacy policy, please make contact to the following contact point.
URL: https://www.gmo.jp/en/contact/gdprform/

You have the right to make a complaint at any time to the data protection supervisory authority in your country. The UK regulator for data protection issues is the Information Commissioner’s Office (www.ico.org.uk). The details of the relevant authorities in other EU countries can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority so, please contact us in the first instance at the contact details above.

13. Disclosure and other requests of EU and UK personal data

Requests for Disclosure, correction, addition, deletion, suspension of use, suspension of provision of third party, transferring (data portability) must be dealt with in the following manner.

Please be aware that we will not accept requests by telephone, fax, email, verbally or by any method other than that laid out below.

Please print out our prescribed form and fill in necessary information.

After filling in, please enclose the necessary documents, and send them to the following address by registered mail.

Address
GMO Internet Group, Inc.
Cerulean Tower 4-14F, 26-1 Sakuragaokacho, Shibuya ku, Tokyo, 150-8512, Japan.

Disclosure and Other Requests Form is below,
Disclosure and Other Requests on EU and UK Personal Data

pagetop