1. Basic Principles of the Company
Citadel AI Inc.(hereinafter referred to as the “Company”) has established the following privacy policy for the handling of personal information of customers who visit the website provided by the Company (https://www.citadel.co.jp/en ; hereinafter referred to as the “Site”) and customers who use the services provided by the Company (hereinafter collectively referred to as the “Customer” or “Customers”), and promotes the protection of personal information by establishing a system of personal information security, making all employees recognize the importance of personal information protection and ensuring that all employees fully comply with these measures.
2. Definition
(1) “Personal Information” means the personal information that is specified in Article 2(1) of the Act on the Protection of Personal Information (Act No. 57 of 2003, hereinafter referred to as the “Personal Information Protection Act”) and refers to information relating to a living individual that can identify a specific individual by name, date of birth or other description contained in such information, or that contains a personal identification code.
(2) “Personal Data” refers to Personal Information comprising personal information databases, etc. (Article 16(1) of the Personal Information Protection Act) as defined in Article 16(3) of the Personal Information Protection Act.
3. Scope of Information Collected
(1) On our Services, the Company will collect Customers’ address, name, email address, telephone number and other contact information, as well as information that Customers transmit, post or provide to our Services.
(2) On our Site, when Customers use the email form to send us Customers’ comments or questions, the Company may ask Customers to fill in Customers’ address, name, telephone number, email address, etc., and the Company will collect the information Customers provide.
This Site automatically collects Internet domain names, IP addresses, site search query information, and other information related to browsing this site. Please note that cookies (information sent from our server to Customer’s browser and stored on Customer’s computer in order to identify Customers on our server side) are limited to contents for the purpose of improving usability and do not contain any information that can identify you personally.
4. Purpose of Use
The Company will acquire and use Customers’ Personal Information to the extent necessary for the following purposes. If the Company intends to use Personal Information beyond the scope of the following purposes, the Company will obtain prior consent from Customers in an appropriate manner.
(1) To provide and operate our Services
(2) To improve and enhance our Services or develop new services
(3) To provide information on new features, updates, campaigns, etc. of our Services and other services provided by us (including sending e-mails, flyers, and other direct mailings)
(4) To contact Customers as necessary for maintenance, important notices, etc.
(5) To respond to opinions, inquiries, etc. from Customers regarding our Services (including to confirm the identity of the Customer)
(6) To report to Customers on the use of our Services
(7) To request Customers’ cooperation in surveys, interviews, etc. related to our Services, to request Customers’ participation in various events, or to report the results of such events, etc.
(8) To research and analyze the usage history of our Services and use the results to improve and develop our Services and to deliver advertisements
(9) To solicit, advertise, or otherwise market our products and Services in accordance with the interests of our Customers based on analysis of Customers’ attributes, usage history of our Services, etc.
(10) To identify Customers who violate the terms of use of our Services or who attempt to use our Services for fraudulent or unfair purposes, and to refuse their use of our services
5. Provision of Personal Data to third parties
The Company will not disclose or provide Personal Information to third parties without the consent of the Customers, except in the following cases.
(1) When it is necessary for the protection of a person’s life, body, or property and it is difficult to obtain the Customers’ consent
(2) When the provision of Personal Information is particularly necessary for improving public health or promoting the sound growth of children and in which it is difficult to obtain the Customers’ consent
(3) When it is necessary to cooperate with a national agency, a local government, or an individual or entity entrusted by either a national agency or local government to execute affairs prescribed by law, and in which obtaining the Customers’ consent may impede the execution of such affairs.
(4) Other cases permitted by laws and regulations
6. Measures to ensure safety
The Company shall take necessary measures to prevent leakage, loss, or damage of collected information and to otherwise properly manage collected information.
7. Disclosure of Retained Personal Data
When the Company receive a request from a Customer (limited to the Customer himself/herself; the same shall apply hereinafter in this Article) for disclosure of his/her personal data held by the Company, the Company will disclose such data to the Customer without delay. However, if the disclosure falls under any of the following cases, the Company may not disclose all or part of the data, and if the Company decide not to disclose the data, the Company will notify the Customer without delay.
(1) If there is a risk of harm to the life, body, property, or other rights or interests of the customer or a third party
(2) If there is a risk of significant hindrance to the proper conduct of our business
(3) Other cases that would violate laws and regulations
Please note that a handling fee of 1,000 yen (excluding consumption tax, etc.) will be charged to the customer for the disclosure of personal data held by the Company.
8. Correction, etc. of Retained Personal Data
(1) If Personal Data held by the Company is incorrect, the Customer may request the Company to correct, add to, or delete such Personal Data (hereinafter referred to as “Correction, etc.”).
(2) Upon receiving a request as described in (1) above, the Company will conduct the necessary investigation without delay, and if the Company determines that there is a reason for the request, the Company will correct the relevant Personal Data without delay.
(3) If the Company decides to make or not to make a Correction, etc. based on (2) above, the Company will contact the Customer without delay.
9. Suspension of Use of Retained Personal Data, etc.
(1) A Customer may request the Company to stop using, erase, or stop providing to a third party (hereinafter referred to as “Stop Use, etc.”) the Personal Data held by the Company.
(2) Upon receiving a request as described in (1) above, the Company will conduct the necessary investigation without delay, and if the Company determine that there is a reason for the request, the Company will cease use of the relevant Personal Data. However, in cases where it is difficult to suspend the use of the Personal Data due to the large amount of costs involved or other difficulties in doing so, and where alternative measures can be taken to protect the rights and interests of the Customer, this alternative measure will be taken.
(3) If the Company decides to suspend or not to suspend the use of Personal Information in accordance with (2) above, the Company will contact the Customer without delay.
10. Name of representative and Personal Information Protection Manager
The names of our representative and personal information protection manager are as follows.
Representative: Hironori Kobayashi
(Contact for inquiries)
Citadel AI Inc.
Address: Yoyogi 4-62-7-103, Shibuya-ku, Tokyo, Japan
E-mail address: info@citadel.co.jp
GDPR Privacy Notice
1. Privacy matters to us
Citadel AI Inc. (hereinafter referred to as the “Company”or we) has established the following privacy policy for the handling of personal information of customers who visit the website provided by Citadel AI (https://www.citadel.co.jp/en; hereinafter referred to as the “Site”) and customers or business clients who use the services provided by Citadel AI (hereinafter collectively referred to as the “Customer” or “Customers” or you) in the European Union, and promotes the protection of personal information by establishing a system of personal information security, making all employees recognize the importance of personal information protection and ensuring that all employees fully comply with these measures.This Privacy Statement aims to give you an explanation of the GDPR and your rights as an individual under this regulation. It also describes how we use and process the personal data we obtain from you when you visit our website or when you work with us as a business partner. We may update this Privacy Statement from time to time. We encourage you periodically to review this page for the latest information on our privacy practices.
2. Data collection and usage
In most cases, the Company processes personal data on behalf of a Data Controller. A Data Controller determines the purpose of data processing and specifies how the data should be processed. The Company acts as the Processor, processing data on behalf of the Data Controller.
Next to that, the Company processes personal data from our website visitors and business partners.
We may collect information about you:
– directly from you, such as the information you provided to us as one of our business partners;
– when you visit our website.
3. Scope of Information Collected
According to the GDPR personal data is considered to be any information that relates to an identified or identifiable individual.
(1) Via providing our Services, the Company will collect Customers’ address, name, email address, telephone number and other contact information, as well as information that Customers transmit, post or provide to our Services.
(2) On our Site, when Customers use the email form to send us Customers’ comments or questions, the Company may ask Customers to fill in Customers’ address, name, telephone number, email address, etc., and the Company will collect the information Customers provide.
This Site automatically collects Internet domain names, IP addresses, site search query information, and other information related to browsing this site.
4. Purpose of Use
The Company will acquire and use Customers’ Personal Information to the extent necessary for the following purposes. If the Company intends to use Personal Information beyond the scope of the following purposes, the Company will obtain prior consent from Customers in an appropriate manner.
| Purpose | Legal base for processing |
|---|---|
| To provide and operate our Services | performance of a contract |
| To improve and enhance our Services or develop new services | legitimate interest |
| To provide information on new features, updates, campaigns, etc. of our Services and other services provided by us (including sending e-mails, flyers, and other direct mailings) | consent or legitimate interest |
| To contact Customers as necessary for maintenance, important notices, etc. | performance of a contract |
| To respond to opinions, inquiries, etc. from Customers regarding our Services; | performance of a contract |
| To report to Customers on the use of our Services; | performance of a contract |
| To request Customers’ cooperation in surveys, interviews, etc. related to our Services, to request Customers’ participation in various events, or to report the results of such events, etc | legitimate interest |
| To analyze and collect data that allows us to understand how you interact with us via our website. These insights allow us to both improve content and build better features that enhance your experience. | consent |
5. Provision of Personal Data to third parties
The Company will not disclose or provide Personal Information to third parties without the consent of the Customers, except in the following cases.
(1) When it is necessary for the protection of a person’s life, body, or property and it is difficult to obtain the Customers’ consent;
(2) When the provision of Personal Information is particularly necessary for improving public health or promoting the sound growth of children and in which it is difficult to obtain the Customers’ consent;
(3) Other cases permitted by laws and regulations.
The data processing of our EU customers takes place within the EU and does not leave the European Economic Area (EEA).
6. Measures to ensure safety
The Company shall take all measures necessary from technical and organisational point of view to prevent unauthorised access to personal data, loss, destruction, falsification and leakage of personal data, such as data encryption, access control to our premises, and a limited group of employees with access to the data. The Company shall select service providers, which handle personal data in an appropriate manner, and will supervise service providers as necessary and appropriate to ensure the security control of the Personal data.
The Company does not retain personal data for longer than two years after the end of a contract with its Customers, unless the Company is legally obligated to retain data for a longer period. The Company will not retain the datasets shared by customers with us for longer than necessary, up to a maximum of one month after the contract’s expiration, unless the customer has already deleted the data themselves.
7. Disclosure of Personal Data
The Company will not disclose data from the Customer to any party. However, if the disclosure falls under any of the following scenarios, The Company may disclose (a part of) the data:
(1) When the Customer agrees to the disclosure;
(2) If the Company has a good faith belief that the Company is required to provide information in response to a subpoena, court order, or other applicable law or legal process, or to respond to an emergency involving the danger, death or serious bodily harm;
(3) Other cases in order to comply with laws and regulations.
8. The Customers’ rights regarding the processing of personal data
The Customers have many rights regarding their personal data. Read more about them below. If the Customers would like to exercise them or learn more, feel free to contact us. The Customers can find contact details at the end of this statement. Please note that some of the rights may not be applicable to your situation.
• Right of access
The Customers have the right to know what personal data we process and why. That’s why the Company informs you in advance about the processing activities via this Privacy Statement. If the Customers have any questions, or would the Customers like to learn more about what information the Company processes from you, the Customers are always welcome to contact us and the Company will provide you with further information.
• Right to rectification
If the Customers believe the Company stores wrong information about you, such as your name or address, you can ask us to correct this.
• Right to erasure / right to be forgotten
The Customers have the right to tell us to permanently erase the Customers’ personal data from our records. You can do this for example if you believe there’s no longer any need for us to keep it. Or, if you previously have given your permission, you can just decide to withdraw it.
• Right to restrict the processing activities
The Customers have the right to restrict our processing activities in certain situations. This means the Company will continue to store your information, but the Company will temporarily stop any other processing. Why would you want to do this? For example if you’ve asked us to fix incorrect information. In this situation you may want us to stop processing until the information is correct.
• Right to data portability
In certain situations the Customers have the right to ask us to send your personal data in digital form to you, so that you can forward it to someone else.
• Right to object
The Customers have the right to object to the processing of your information, even when the Company has a legitimate legal reason to process it. You can do this when we process your information on the basis of our legitimate interest, and you believe that your personal interest outweighs ours. If you do not want us using your information for direct marketing purposes, including profiling, we will comply in any case.
• Right to withdraw consent
If the Company processes your personal data based on your consent, you have the right to withdraw your consent anytime.
To exercise your rights, please contact us via privacy@citadel.co.jp.
Finally, if you aren’t satisfied with the way we treat your personal data, you have the right to lodge a complaint with the Dutch Data Protection Authority via the website.
9. Contact:
If you have questions about our privacy statement or practices or wish to exercise your rights, please feel free to get in touch. You can contact us at:
Representative: Hironori Kobayashi (Contact for inquiries)
Citadel AI Inc.
Address: Yoyogi 4-62-7-103, Shibuya-ku, Tokyo, Japan
E-mail address: privacy@citadel.co.jp
