Skip to content

Privacy Policy

Please find below the privacy policy set out by Driving-Japan.

[Date: 01.09.2023]

This privacy policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the associated websites, functions, and content, as well as external online presences, such as our social media profiles (collectively referred to as the “online offering”). Regarding the terminology used, such as “processing” or “controller,” we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Controller

Driving-Japan from Switzerland

Types of processed data:

  • Contact data (e.g., name, email, phone numbers)
  • Content data (e.g., text inputs, photographs, videos)
  • Usage data (e.g., visited websites, interest in content, access times)
  • Meta/communication data (e.g., device information, IP addresses)

Purpose of processing:

  • Providing of the online offering, its functions, and content
  • Responding to contact inquiries and communicating with users
  • Security measures
  • Reach measurement/marketing

Relevant legal bases

According to Art. 13 GDPR, we inform you about the legal bases of our data processing. For users within the scope of the General Data Protection Regulation (GDPR), i.e., the EU and the European Economic Area (EEA), the following applies if the legal basis is not mentioned in the privacy policy: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR, the legal basis for processing for the performance of our services and the execution of contractual measures and responding to inquiries is Art. 6(1)(b) GDPR, the legal basis for processing for compliance with our legal obligations is Art. 6(1)(c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6(1)(f) GDPR.

Security measures

In accordance with Art. 32 GDPR, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of protection appropriate to the risk.

We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline. Wherever we collect sensitive information (except of credit card data, which will be processed directly by PayPal and never accessed by us), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for “https” at the beginning of the address of the web page. While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.

Data Retention Period

Order data, including but not limited to customer information, transaction details, and order history, is retained for a period of 90 days from the date of order placement. This retention period allows us to fulfill orders, provide customer support, and comply with legal and regulatory requirements.

Data Deletion

At the end of the 90-day retention period, all order data will be securely and permanently deleted from our systems. This includes personal information provided during the order process, such as name, contact details, shipping address, and payment information.

Exceptions

  • Certain transactional data may be retained for a longer period if required for legal, accounting, or audit purposes.
  • Customers have the option to request the deletion of their data before the end of the retention period by contacting our customer support team.

Collaboration with processors and third parties

If, within the scope of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them, or otherwise grant them access to the data, this is done only on the basis of legal permission (e.g., if a transfer of the data to third parties, such as payment service providers, is necessary for the performance of the contract), if you have consented, if a legal obligation provides for it, or based on our legitimate interests (e.g., when using agents, web hosts, etc.).

Transfers to third countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure, or transfer of data to third parties, this only takes place if it is necessary to fulfill our (pre)contractual obligations, on the basis of your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we process or allow the data to be processed in a third country only if the special requirements of Art. 44 ff. GDPR are met. This means, for example, processing is carried out based on special guarantees, such as the officially recognized determination of a level of data protection equivalent to that of the EU (e.g., for the USA through the Privacy Shield) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

Rights of data subjects

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and, where that is the case, access to the personal data and information specified in Art. 15 GDPR.

You have the right, in accordance with Art. 16 GDPR, to request the completion of incomplete personal data or the rectification of inaccurate personal data concerning you.

In accordance with Art. 17 GDPR, you have the right to request the erasure of personal data concerning you without undue delay, or alternatively, in accordance with Art. 18 GDPR, to demand a restriction of processing.

Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. Usage of a cookie is not linked to any personally identifiable information on our site. This site uses two types of cookies; analytics cookies and site cookies. Site cookies are essential to processing your order and using the website.

Other Websites

We use a payment processing company to bill users for goods and services and an email notification company to email order notifications. These companies do not retain, share, store or use personally identifiable information for any secondary purposes beyond filling your order and are GDPR compliant where required by law.

If you feel that we are not abiding by this privacy policy, you should contact us immediately via form, Whatsapp or Messenger (See FAQ).