Privacy

Privacy Policy
for Overseas Customers

Cyber Security Cloud, Inc. and Cyber Security Cloud Inc. (USA) (hereinafter collectively referred to as “CSC,” “we,” “us,” “our,” or “ours”) have established the following Privacy Policy for Overseas Customers (“Global Privacy Policy”) in order to establish a secured system to protect your personal data and ensure that all executives and employees of CSC recognize the importance of protecting your personal data and are fully committed to doing so when providing our various services (the “Services”).

  • Scope of the Global Privacy Policy
    This Global Privacy Policy applies to our processing of personal data of data subjects located outside of Japan. (If you are a resident of Japan, your personal information is handled based on our Personal Information Protection Policy. Please refer to our Personal Information Protection Policy [here]). When processing your personal data, we comply with this Global Privacy Policy and all applicable laws and regulations. If you are a resident of California, United States, our CA Privacy Policy also applies to the processing of your personal data. The CA Privacy Policy is attached to this Global Privacy Policy as a supplementary document. Please refer to the CA Privacy Policy [here].
  • Management of Personal Data and Security Measures
    We keep your personal data that we collect accurate and up-to-date and do not allow unauthorized access to, loss, damage, alteration, leakage, or disclosure of your personal data. For this purpose, we have implemented the following security measures in view of the nature of personal data and the potential risks thereto:
    • Establishment of Internal Data Protection Policies
      To ensure proper and lawful processing of personal data, we comply with and ensure that our directors and employees comply with our internal data protection policies.
    • Organizational Security Measures
      We have implemented the following measures:
      • We have appointed a person responsible for our processing of personal data;
      • We have clarified the scope of employees who can access personal data and instituted limitations thereon; and
      • We have established reporting systems to respond to security incidents immediately after they are recognized or detected.
    • Personal Safety Control Measures
      • We provide periodic training to our employees regarding information security and processing of personal data.
      • We have established and implemented employment rules to ensure that our employees keep personal data confidential.
    • Physical safety control measures
      • We control the access of employees in order to prevent unauthorized access to personal data.
      • We take appropriate measures to prevent theft or loss of any equipment, electronic media, or documents that contain personal data and to minimize the impact in the event of such theft or loss.
    • Technical security control measures
      • We always try to keep our systems updated in order to protect against unauthorized access.
      • We continually acquire the latest security information, periodically assess security risks, and take appropriate measures against any known threat.
  • Personal Data Collected
    • Categories of Personal Data
      We collect the following personal data about you for the purposes stated in Section 4:
      • Customer Information
        • Name
        • Company name and address
        • Position and title
        • Email address
        • Phone number
        • Any other information that you provide to us when we seek business opportunities with you
      • Information we collect on our website
        • Cookies
        • Device ID
        • Operating system and internet connection-related information
        • Referring URL
        • IP Address
        • URLs viewed and time stamps
        • Other server log information
      • Information we collect in operating Waf Charm (auto-optimization tool)
        • URI
        • Query
        • IP address
        • Host
        • User agent
        • Any other information that you provide to us in relation to the Services

    • Legal basis
      We process your personal data when we obtain your consent or have a legitimate interest in using your personal data. When such legitimate interest is overridden by your interests or fundamental rights and freedoms, we ask you for your prior consent to our processing of personal data for specific purposes of use.
  • Purpose of Use
    We use personal data within the scope of the following purposes. When we need to use your personal data for any purpose not specified below, we obtain your prior consent thereto.
    • To communicate with you for various purposes including direct advertising.
    • To provide you with new product information or technical alerts.
    • To keep you informed about our products, promotions and special offers, the processing of personal information.
    • To respond to or address your requests, enquiries, complaints or feedback.
    • To enhance our customer relationship management including, but not limited to, account management, confirmation of service usage status, etc.
    • To inform you of our services or event information and proposals for cooperation through mail, telephone, email, fax, etc.
    • To improve visitors' experiences on our website and develop our products.
    • To carry out certain processing activities to comply with a legal obligation to which CSC is subject.
  • Prohibition of Disclosure and Provision of Personal Data to Third Parties
    We will not disclose your personal data to any third party, except in the following cases:
    • When you consent to our processing of personal data;
    • When we have a legitimate interest in processing your personal data;
    • When we need to disclose your personal data to perform our obligations under contracts we have entered into with you;
    • When we outsource part of our business to a third party pursuant to appropriate security measures, including, but not limited to, executing a data processing agreement with such third party; and
    • When we share customer information with (i) Cyber Security Cloud, Inc. (Japan) or (ii) Cyber Security Cloud Inc. (US). Provided, however, that Cyber Security Cloud Inc. (US) only processes customer information obtained in the European Economic Area and United Kingdom under the instruction by Cyber Security Cloud, Inc. (Japan). Cyber Security Cloud Inc. (US) may not determine the purpose and means of processing of such information at its own discretion.
  • Transfer of Personal Data
    We may transfer your personal data to countries other than the country of your residence, where the laws and regulations may not provide the same level of the data protection as the country of your residence does. In such cases, we shall take appropriate security measures to ensure that receiving parties are bound by legally enforceable obligations to provide a standard of protection over the transferred personal data comparable to the standard of protection afforded under the laws and regulations of the country of your residence.
  • Retention Period
    We will keep your personal data as long as necessary to fulfil the purposes of use described in Section 4.
  • Revision
    We may revise our Global Privacy Policy from time to time. We recommend that our customers confirm the latest version of this Global Personal Policy before using our Services.
  • Inquiries about Personal Data
    You have the right to access, request the correction of, request the deletion of, request the limitation of the processing of, object to the processing of, and request the data portability of your personal data retained by us. For inquiries or complaints regarding the processing of your personal data, please contact us the following address:

    JR Tokyu Meguro Building 13F, 3-1-1 Kamiosaki, Shinagawa-ku, Tokyo 141-0021, Japan
    Cyber Security Cloud, Inc.
    Email address: privacy_protection_team@cscloud.co.jp

    Our EU representative under the GDPR for the purposes of this Policy is as follows.
    PLANIT // LEGAL Rechtsanwaltsgesellschaft mbH
    Dr. Bernhard Freund
    Jungfernstieg 1, 20095 Hamburg
    mail@planit.legal

    Our UK representative under the UK GDPR for the purposes of this Policy is as follows.
    TMI Associates London LLP
    Citypoint, One Ropemaker Street, London, EC2Y 9SS
    cscloud_representative@tmi.gr.jp

    Our Data Protection Officer can be reached at data_protection_officer@cscloud.co.jp.

    When we receive a request to exercise such rights, we will promptly perform all investigations necessary and provide the relevant personal data to you or to your nominated representative or otherwise respond to such request.
    You also have the right to lodge a complaint with the local data protection authority if you have any complaint regarding our processing of your personal data.
  • Handling of Website Access Information
    We use Google Analytics to collect access information. Please refer to the Google Analytics Terms of Services and Google Privacy Policy for information regarding Google Analytics’ method of collecting and using access information.
    We use the following Google Analytics advertising functions:
    • Google Analytics, remarketing
    • Google Display Network, display frequency
    • Google Analytics, user distribution and interest categories
    • Google Analytics, Integrated service to collect data using advertising cookies and anonymous IDs
    You can opt out of the above advertising displays at your discretion. Please refer to [Google Analytics Opt-Out Add-On] and Opt-Out in [Advertisement Settings] for further details.

    Date of Establishment: June 28, 2013
    Date of revision: May 1, 2023

CA Privacy Policy

The following supplementary provisions of the Global Privacy Policy apply to the processing of personal information (any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to, directly or indirectly, a particular consumer or household; the same shall apply hereinafter) of California residents in accordance with the California Consumer Privacy Act, as amended by the California Privacy Rights Act, (the “CCPA”).


  • Information Collected by CSC
    We have collected in the last twelve (12) months and will continue to collect the personal information described in Section 3 of the Global Privacy Policy for the purposes stated in Section 4 of the Global Privacy Policy.
  • Disclosure of Personal Information
    We may disclose your personal information to third parties for business or commercial purposes. When disclosing personal information to a service provider or contractor for such purposes, we execute an agreement that indicates such purposes and that requires that the service providers or contractors keep such personal information confidential and not use personal information for any purpose except performing such agreement.

    We have disclosed personal information to the following categories of third parties for business or commercial purposes during the last twelve (12) months:
    • Our affiliated companies;
    • Third parties that provide services to us (such as providers of cloud services in which the data of CSC is processed and stored);
    • Competent authorities as set forth under applicable laws and regulations (including courts and other public authorities that have jurisdiction over CSC); and
    • Any other third parties that may reasonably require access to your personal information in connection with the foregoing purposes.
  • Sale or Sharing of Personal Information
    We have not sold or shared any personal information in the preceding twelve (12) months.

    In these supplementary provisions, the term “sale” means disclosing, etc. your personal information to a third party for monetary or other valuable consideration, and the term “sharing” means disclosing your personal information to a third party for cross-text behavioral advertisements, whether for monetary or other valuable consideration or free of charge.
  • Retention of Personal Information
    We retain your personal information to the extent necessary for the purposes stated in Section 4 of the Global Privacy Policy.

    The criteria for determining CSC retention periods, includes, but is not limited to, the duration of the contractual relationship between you and CSC; the legal obligations assumed by CSC; and a need to perform an agreement to which you are a party.
  • Your Rights and Choices Under the CCPA
    The CCPA grants rights regarding personal information to consumers who are residents of California. The following describes your rights and how to exercise those rights under the CCPA.

    • Right to Access Specific Information
      You have the right to request that CSC disclose certain information to you in relation to the collection, sharing, disclosure, or use of your personal information by CSC over the twelve (12) months preceding the date of your request. Upon receipt and confirmation of your verifiable consumer request, CSC will disclose to you any and all of the following information:
      • The categories of your personal information that CSC has collected;
      • The categories of sources from which CSC has collected your personal information;
      • The business or commercial purposes of CSC for the collection, sale, or sharing of such personal information;
      • The categories of third parties to which CSC discloses, sells, or shares such personal information;
      • The categories of your personal information that CSC has disclosed, sold, or shared; and
      • The specific personal information that CSC has collected about you.

    • Right to Request Deletion
      You have the right to request that CSC delete any of your personal information that CSC has collected from you and retained, subject to certain exceptions. Upon receiving your verifiable consumer request, CSC will delete your personal information from our records and will notify any service providers and contractors, as well as third parties to which CSC has sold or with which CSC has shared personal information, that they must delete such personal information from their records, unless an exception applies.

      CSC may deny your request to delete your personal information if it is necessary for CSC or CSC's service providers or contractors to retain your personal information in order to:
      • Complete the transaction for which CSC collected the personal information, fulfill requirements for a product recall conducted in accordance with a written warranty or federal law, provide a good or service that you requested, enable you to take measures reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform an agreement between CSC and you;
      • Provide support to ensure the security and integrity of your personal information to the extent reasonably and proportionally necessary for the purpose of use;
      • Debug products to identify and repair errors that impair existing intended functionality;
      • Exercise free speech, ensure the right of other persons to exercise their free speech rights, or exercise other rights provided by law;
      • Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code;
      • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres or adapts to all other applicable ethics and privacy laws, where CSC’s deletion of such information may render impossible or seriously impair the ability to compete such research, if you previously provided informed consent;
      • Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with CSC and compatible with the context in which you provided the information; or
      • Comply with legal obligations.

    • Right to Request Correction of Inaccurate Personal Information
      You have the right to request that CSC corrects any of your inaccurate personal Information that CSC collected from you and retained, subject to certain exceptions. Once CSC receives and confirms your verifiable consumer request, CSC will correct your inaccurate personal information and will notify any service providers and contractors, as well as third parties to which CSC has sold or with which CSC has shared your inaccurate personal information that they must correct such inaccurate personal information. CSC may deny your correction request if we determine that the contested personal information is more likely than not accurate based on the totality of the circumstances.

    • Right to Opt Out of Sale or Sharing
      CSC has not and will not sell or share any personal information collected from you.

    • Right to Request Restriction of Use
      CSC has not and will not collect sensitive personal information from you.

    • Right of Non-Discrimination
      CSC will not discriminate against California residents due to the exercise of any of their rights under the CCPA. Unless permitted by the CCPA, CSC will not engage in any of the following:
      • Denying goods or services to you;
      • Charging you different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
      • Providing you with a different level or quality of goods or services;
      • Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services; or
      • Retaliating against an employee, applicant for employment, or independent contractor.

    • Exercising Your Rights to Access, Delete, and Correct
      To exercise your rights to access, delete, and correct your personal information, please submit a verifiable consumer request to CSC by contacting us via the information in “Contact Information for Inquiries and Complaints.”

      Only you, or a natural person or a person registered with the California Secretary of State that you authorize to act on your behalf, or a person who has power of attorney or is acting as a conservator for you, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

      A “verifiable consumer request” must:
      • Provide sufficient information that allows CSC to reasonably verify that you are the person whose personal information CSC has collected or an authorized representative thereof; and
      • Describe your request with sufficient detail that allows CSC to properly understand, evaluate, and respond thereto.
  • Contact Information for Inquiries and Complaints
    Please contact us at the following address for inquiries or complaints about the processing of your personal information:

    Contact Information: privacy_protection_team@cscloud.co.jp
-->