Article 1 (Definition of Personal Information)
"Personal Information" refers to names, company names, department names, addresses, telephone numbers, email addresses, and other information that can identify a specific individual, or information that can identify a specific individual by collating it with other information.
Article 2 (Acquisition of Personal Information)
The Company acquires the following Personal Information through inquiry forms on the Website, requests for materials, applications for exhibitions and events, and the use of the Service:
- Name, company name, department name, address, telephone number, email address.
- Details of inquiries from the Website, event participation registration information, and product material request information.
- Details of inquiries and related materials regarding the use of the Service.
- Access information (IP address, browser information, browsing history, etc.) via Cookies and access analysis tools (e.g., Google Analytics, Clarity).
Information acquired through Cookies and similar technologies will be used for analysis of site usage status, improvement of convenience, and optimization of ad distribution (including behavioral targeting advertising).
For details on Cookie settings and consent management, please refer to Article 10 and the "Cookie Policy" of each of the Company's websites and the Service.
Article 3 (Purpose of Use)
The Company uses acquired Personal Information for the following purposes:
- Responding to inquiries.
- Guidance on products/services and sales activities.
- Guidance on exhibitions, events, seminars, etc.
- Conclusion of contracts, delivery of products, and provision of after-sales services.
- Usage management and analysis of usage status of the Service.
- Improvement of the Website and the Service, access analysis, and optimization of advertisement distribution.
- Identity verification, contact, notification, legal compliance, and dispute resolution.
- Prevention of and response to fraudulent activities.
Article 4 (Use of Audience Data in Advertisement Distribution)
The Company may utilize the functions of the following services for the optimization of advertisement distribution:
- Facebook Custom Audiences
- LINE Audience Data Utilization Function
- Google Ads Customer Match and Enhanced Conversions
- Yahoo! Japan Advertisement Audience Lists
In these functions, the Company encrypts email addresses, telephone numbers, etc., held by the Company before sending them to each service for use in advertisement distribution. The encrypted information is processed in accordance with the privacy policy of each service.
Opt-out methods:
- Facebook: https://www.facebook.com/settings?tab=ads
- LINE: https://terms.line.me/line_rules/
- Google Ads: https://adssettings.google.com/
- Yahoo! Japan Advertisement: https://btoptout.yahoo.co.jp/optout/index.html
Regarding LINE Advanced Matching and Google Ads Enhanced Conversions:
The Company may use LINE's Advanced Matching function and Google Ads' Enhanced Conversions function to measure advertising effectiveness. In these functions, email addresses, telephone numbers, etc., held by the Company are encrypted before being transmitted and used to measure advertising effectiveness.
Article 5 (Joint Use and Entrustment)
1. Joint Use
The Company jointly uses Personal Information within the following scope:
- Scope of Joint Users: The Company's group companies.
- Items of Personal Data to be Jointly Used: Items listed in Article 2, to the extent necessary to achieve the business purpose.
- Purpose of Use by Joint Users: Purposes described in Article 3.
- Person Responsible for Management: Nasa Corporation; Representative Director Tsutomu Agata (Refer to Article 13 for the contact information).
2. Entrustment
The Company may provide Personal Information to, or entrust the handling of Personal Information to, the following business operators based on contracts:
- Partnered payment processing providers, leasing companies, and loan companies.
- Partner companies supporting sales activities.
- Showroom operators.
- Business operators performing maintenance and operation of business systems, servers, networks, etc., operated by the Company.
The Company obligates these business operators through contracts, etc., to handle Personal Information at a level equivalent to that of the Company. If the recipient is located outside of Japan, appropriate protective measures will be taken in accordance with Article 7, Paragraph 1.
The Company does not sell or share Personal Information with third parties.
Article 6 (Legal Basis for Processing)
The Company processes Personal Information only when one of the following applies:
- The data subject has given consent.
- Processing is necessary for the performance of a contract.
- Processing is necessary for compliance with a legal obligation.
- Processing is necessary for the legitimate interests of the Company, and the rights and freedoms of the customer are not overridden.
Article 7 (Transfer to Outside Japan)
Depending on the content and form of use of the various services provided, the Company may entrust the storage or processing of acquired Personal Information to business operators located outside of Japan (including the Company's group companies). In such cases, appropriate protective measures such as Standard Contractual Clauses (SCC) based on the GDPR will be implemented. The countries of the recipients and the purposes of entrustment are as follows:
- Server Operation and Maintenance
- Transfer Destination Country/Region: Indonesia, Germany
- Server Maintenance
- Transfer Destination Country/Region: Hong Kong, Belgium
- Business Handling by Company's Overseas Subsidiaries
- Transfer Destination Country/Region: Germany, Morocco, China, Taiwan, South Korea
Information regarding Personal Information Protection in each country/region:
Country / Region | Reference URL |
Indonesia | https://peraturan.bpk.go.id/Details/229798/uu-no-27-tahun-2022 |
Germany, Belgium | |
Hong Kong | |
Morocco | |
Taiwan | https://law.moj.gov.tw/ENG/LawClass/LawAll.aspx?pcode=I0050021 |
South Korea | https://elaw.klri.re.kr/eng_service/lawView.do?hseq=53044&lang=ENG |
China |
Measures for the protection of Personal Information taken by the third-party recipients:
The recipients have implemented measures generally equivalent to those required of personal information handling business operators in Japan regarding the handling of Personal Information.
Article 8 (Retention Period)
The Company retains Personal Information for the period necessary to achieve the purpose of use, and thereafter promptly deletes or anonymizes it.
Article 9 (User Rights)
Customers have rights based on the Act on the Protection of Personal Information and the GDPR, including the following:
- Right of access to Personal Information
- Right to rectification
- Right to erasure (Right to be forgotten)
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Right to lodge a complaint with a supervisory authority
Furthermore, residents of the State of California, USA, have the right under the CCPA to request disclosure of the collection status and third-party provision status of their Personal Information, as well as the deletion of their Personal Information.
If you wish to exercise these rights, please contact us via the contact details specified in "Contact Information" in Article 13.
Article 10 (Cookies and Access Analysis)
The Company uses Cookies to improve user convenience and analyze access. Usage status is collected and analyzed in an anonymized form using Google Analytics, Clarity, etc. Regarding the use of Cookies, you can manage your preferences via the consent management banner, etc. To disable Cookies, please use your browser settings. However, please note that some functions may be restricted.
For details on Cookies and consent setting methods, please check the "Cookie Policy" of each of the Company's websites and the Service.
Article 11 (Security Control Measures)
The Company takes appropriate technical and organizational security control measures to protect Personal Information from unauthorized access, leakage, falsification, etc. This includes organizational measures such as employee training and management of contractors, in addition to technical measures such as access control, encryption, and log monitoring. For details on the security control measures taken by the Company, please contact us via the contact details specified in "Contact Information” in Article 13.
Article 12 (Compliance with Laws and Regulations and Revisions)
The Company complies with relevant laws, regulations, and guidelines and revises this Policy as necessary. Revisions will be announced on the Website, and significant changes will be notified via email. The revised content becomes effective at the time it is posted on the Website.
Article 13 (Contact Information)
For inquiries regarding Personal Information, please contact the following:
Nasa Corporation
Address: 78-4 Kanda Sakumagashi, Chiyoda-ku, Tokyo
Email: privacy@nasaco.com
Date of Enactment: September 20, 2025
Date of Last Revision: January 26, 2026