1. Purpose of Processing Personal Data Acquired from Customers and Other Subjects Concerned
GMO Registry, Inc. (hereinafter referred to as "Company", "we", "our" and "us"), as an Internet domain name registry businesses company processing personal data, in accordance with the General Data Protection Regulation (effective on May 25, 2018) prescribed by the European Commission, we shall process customers’ personal data only within the scope necessary for the intended use that is specified and publicized in advance. However, in the case where it is required by laws and regulations, we may process personal data of customers and other subjects beyond the scope necessary for achieving the intended use specified and publicized in advance. Moreover, providing personal data is indispensable for fulfilling contractual agreement, and therefore if personal data cannot be provided at each customer’s own discretion, providing services to such customer may be hindered.
The purposes for which we use personal data are outlined below.
- We use personal data to the extent necessary to achieve the following objectives.
- (1)To provide assistance to companies applying for new top level domains
- (2)To develop and operate registry system and services
- (3)To provide sales promotion support, billing, authorization, and other services necessary
- We use personal data to the extent necessary to achieve the following objectives.
- (1)To communicate in regard to a service agreement
- (2)To respond to a request for information
- (3)To send out announcements regarding seminars
- (4)To send out announcements regarding the usage of contractors, and to send out documents as required
- 3)Registry Business
- We use personal data to the extent necessary to achieve the following registry business purposes.
- (1)To validate or authenticate applications for domain registration
- (2)To manage domain name registration information
- (3)To use domain name registration services
- (4)To resolve network operation or domain registration technical issues
- (5)To operate the domain name DNS (Domain Name System)
- (6)As domain registration information to be published on Whois in accordance with ICANN contract
- (7)To solicit feedback or alert our customers to new features in our products that we think may be of interest
- 4)Customer Support
- To answer the email we receive and to communicate with our customers regarding the service we provide.
- 5)Market Research
- For the purpose of analysis and to conduct surveys with the objective of improving this service and other services provided by us and affiliated companies
- 6)Service Development
- (1)New service development
- (2)Service improvement
- (3)System development, maintenance, and operation
- For tax accounting, accounting, and billing relating to the provision of this and other services.
- 8)Business management
- (1)As data for business analysis, and usage in analysis results data
- (2)Responding to disclosure request in accordance with Personal Information Protection Laws, and the personal information handling audit
- (1)Will disclose information when related to users of this service upon request from domestic or foreign public institutions.
- (2)When a user makes a request for information, GMO Registry provides information after having confirmed the identity of the user.
- (3)Usage purpose of personal data relating to recruitment candidates.
- ⅰ)For recruiting
- ⅱ)For employment management
- ⅲ)GMO Registry may use personal data for other purposes after having obtained prior consent from candidate.
- (4)Usage purpose of personal data of officers, employees, their family members, and retired employees.
- ⅰ)For business related communications, information sharing, human resource management, payment of salaries, placement of staff, employee evaluation, education training, employee management including welfare programs and occupational safety, provision of employee ID card, and other tasks as proscribed by labor relations laws and ordinances / customs laws and ordinances and social welfare relations laws and ordinances
- ⅱ)For the implementation and management of various procedures required under company regulations
- ⅲ)To provide health insurance and pension funds
- ⅳ)We may use personal data for other purposes after having obtained consent
2. Rights of Customers and Other Subjects Concerned
- Each customer or the other subject concerned has the following rights regarding personal data about himself or herself.
- (1)Right to access to his or her own personal data and other information relating to its personal data.
- (2)Right to rectify inaccuracies of his or her personal data without undue delay
- (3)Right to erase his or her personal data without undue delay
- (4)Right to restrict processing of his or her personal data
- (5)Right to receive personal data provided by customer or other concerned subject by himself or herself in a general format that is readable on computers, and right to transfer (i.e. data portability) the personal data to other organizations in order for them to manage without hindering transferring process.
- (6)Right to object to public interest; processing for the interests of Company, a third party or both; and processing for direct marketing for personal data of customers and other subjects concerned.
- (7)Right not to be subjected to assessments conducted or decisions made through automatic processing such as profiling that have serious impact including legal effects on individuals.
Note: We do not perform profiling.
- (8)Right to lodge a complaint with a supervisory authority
3. Conditions for Processing of personal data
- We may process personal data when any one of the following cases is applicable, even if we have not obtained consents from customers and/or others concerned.
- (1)When the processing is necessary for the execution of the contract where a customer or other subject concerned himself or herself is the contracting party. Or when the processing is necessary in accordance with request from a customer or other subject concerned at the stage when the contract is not concluded yet.
- (2)When the processing is necessary to comply with the legal obligation that we shall abide by; for example, when following information disclosure orders based on laws and regulations from government agencies etc.
- (3)When the processing is necessary to protect serious interests of customers, other subjects concerned, or both.
- (4)When it is deemed appropriate to investigate, prevent, or take measures against illegal acts or suspicious acts.
- (5)When the processing is necessary for legitimate interests pursued by a third party or us to the extent that its processing does not infringed right, profit, and freedom concerning the privacy of a customer or other subject concerned.
4. Special Types of Personal Data
In principle, in order to conduct various procedures concerning the services providing, we shall obtain prior consent from customers and other subjects concerned.
Moreover, we collect, use and transfer special types of personal data belonging to customers and other subjects concerned such as health conditions and physical characteristics that are necessary in relation to the scope of the purpose; and its personal data shall not be processed except for its purpose.
5. International Transfer of Personal Data
Personal data is transferred to our group companies and outsourcing contractors such as cloud provider, outsourcing company, IT service vendor and data escrow provider located in Japan, countries other than Japan, or both; and may be stored in servers located in those respective country.
Japan and United States have not been recognized and determined as countries providing adequate data protection by the European Commission, however we manage personal data of customers and other subjects concerned appropriately.
In order to appropriately manage personal data of customers and other subjects concerned and prevent leakage, loss and damage of those personal data, including other safety management approaches, we carry out technical, physical, organizational and human related safeguards.
7. Joint Control
We jointly control personal data customers and other subjects concerned that we hold with our group companies in order to promote activities such as service development, service operation and service guidance; and communication with customers and other subjects concerned.
In addition, when we jointly control personal data with our group companies, the scope of responsibility relating to the processing of the personal data of customers and other subjects concerned, and the contact point for inquiries shall be clearly defined among us and group companies.
- Items of personal data that we jointly control are stated as follows:
- ✡Email address;
- ✡Phone number;
- ✡Data of birth;
- ✡Contract details;
- ✡Any other items necessary in accordance with the purpose of use (*)
* For details, please refer to the above section 1, "Purpose of Processing Personal Data Acquired from Customers and Other Subjects Concerned".
The joint controllers are the group companies of us that are listed on:
Note: Group companies may be changed in the future due to new establishment, consolidation, abolishment and other reasons.
8. Transfer of Personal Data
Personal data belonging to customers and other subjects concerned are transferred to our group companies and outsourcing contractors such as cloud provider, outsourcing company, IT service vendor and data escrow provider to which we have subcontracted our business operation to the extent necessary for service provision.
In addition, we request appropriate processing of the transferred personal data to those outsourcing contractors, and manage personal data of customers and other subjects concerned appropriately.
9. Archiving, Deletion, Disposal of personal data
Except where otherwise specified by laws and regulations, we define the retention period of personal data of customers and other subjects concerned within the scope necessary for the purpose of use.
After the defined retention period has expired or the purpose of use has been achieved, we erase personal data of customers and other subjects concerned without delay.
10. About Cookies and Other Similar Technologies.
A cookie is an information used to transmit information from this site to your browser. When you, as a customer or other visitor, visit this site again, the cookie helps you to use this site more conveniently and is stored in your personal computers/devices.
Furthermore, the stored information does not include information such as your name, your residential address, your phone number and your email address which can be used to identify an individual.
Cookie does not also have negative effects on your computers/devices.
Cookie information that is collected from customers and other visitors will be transmitted to and stored in servers at Google LLC, Adobe Systems Incorporated and some other entities from our web servers.
We also obtain statistical data concerning access information such as the number of accesses and stay period for this site from stored data by using Google Analytics service, Adobe Analytics that is provided by Adobe Systems Incorporated and some other services.
It is possible to block cookie, if you, as a customer or other visitor, change the setting of your web-browser. In such cases, you will not have a trouble viewing this site except for some functions. Please make contact with the developer and/or distributor of the web-browser that you are using for its setting procedure.
11. Group-wide Data Protection Officer and Group-wide Representative for Personal Data
<Group-wide Data Protection Officer for Personal Data (G-DPO)>
GMO Internet, Inc.,
Cerulean Tower 4-14F, 26-1 Sakuragaokacho, Shibuya ku, Tokyo, 150-8512 , Japan.
Email address: firstname.lastname@example.org
<Group-wide Representative for Personal Data>
GMO GlobalSign Ltd.
Sandling Road, Maidstone, Kent
ME14 2LP, United Kingdom
Email address: email@example.com
12. Claims and Inquiries
13. Disclosure and other requests of EU personal data
Requests for Disclosure, correction, addition, deletion, suspension of use, suspension of provision of third party, transferring (data portability) shall be dealt with in the following manner.
Please be aware that we will not accept requests by telephone, fax, email, verbally or by any method other than that laid out below.
Please print out our prescribed form and fill in necessary information.
After filling in, please enclose the necessary documents, and send them to the following address by certified mail.
GMO Internet, Inc.,
Cerulean Tower 4-14F, 26-1 Sakuragaokacho, Shibuya ku, Tokyo, 150-8512, Japan.
Disclosure and Other Requests Form is below,
Disclosure and Other Requests on EU Personal Data