GMO Research, Inc. (“we”, “our,” or “us”), as an online market research company, processes the personal data of persons in the EU and the UK in accordance with the General Data Protection Regulation (effective on May 25, 2018) prescribed by the European Commission (EU GDPR) and the UK GDPR, which was adopted in the United Kingdom with effect from 1 January 2021. GMO Research, Inc. is the controller of your personal data and responsible for it.
The types of data we collect
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows: Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender. Contact Data includes billing address, delivery address, email address and telephone numbers. Financial Data includes bank account and payment card details. Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us. Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website. Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses. Usage Data includes information about how you use our website, products and services. Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
In principle, in order to conduct various procedures concerning the Services we provide, we may collect health information for the purpose of to narrow down respondents for surveys, etc., without identifying individuals. When we do this we will obtain your explicit prior consent.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with Services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
How we collect your data
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity and Contact by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
apply for our Services;
respond to a survey;
contact us regarding quotations, estimates, billing and other transactions;
make or respond to a customer service or other enquiry;
create an account on our website (for example register as an infoQ member);
subscribe to our publications;
request marketing to be sent to you;
provide or apply to provide services to us;
receive notice of or apply to attend our events/seminars/exhibitions;
enter a competition, promotion or survey; or
give us feedback or contact us.
Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
Technical Data from the following parties:
(a) analytics providers such as Google based outside the UK;
(b) advertising our networks such as Japan Cloud Panel, Asia Cloud Panel based outside the UK and EU; and
(1) Member information
Request and collecting of surveys, providing services using information already registered as infoQ members.
(2) Personal information from third parties
Request and collecting of surveys, providing services.
(3) Stock Holder
Release information to public, sending production of distribution and communication.
(4) Suppliers information
Negotiations and business contacts, ordering, and claim processing.
(5) Employee Information
Personnel management, duty management, health management and security management.
(6) Applicant information
Our company and our company management services to recruit applicants and manage our recruitment operations.
(7) Inquiry information
Receiving inquiries to our company and for answering.
Acceptance of estimate requests to our company and sending on your request.
(8) Seminar application information
Various contacts concerning seminar information, various correspondence about business talks and services.
(9) Personal information on document download
Various contacts concerning negotiations and services.
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Further explanation of these lawful bases are as follows: Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us. Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
We use personal information to the extent necessary to achieve the following usage purposes. The lawful basis under the GDPR on which we use your data is also specified.
1) Service (Legitimate interests)
- To conduct and analyse market research and audience engagement surveys
- To find people willing to take part in market research surveys
- To provide sales promotion support, billing, authorisation, and other such services
We use personal data to the extent necessary to achieve the following objectives:
- To communicate in regard to a service agreement (Performance of a contract)
- To respond to a request for information (Performance of a contract)
- To send out announcements regarding seminars (Legitimate interests)
- To send out announcements regarding the usage of contractors, and to send out documents as required (Performance of a contract)
3) Market Research Business (Performance of a contract, Legitimate interests)
We use personal data to the extent necessary to achieve the following business purposes:
- To send out calls for volunteers for surveys, panels etc.
- To manage research panels
- To analyse survey results and report
- To solicit feedback or alert our customers to new features in our products that we think may be of interest (Legitimate interests)
4) Customer Support (Performance of a contract, Legitimate interests)
- To answer the emails we receive and to communicate with our customers regarding the service we provide.
5) Market Research (Legitimate interests)
- For the purpose of analysis with the objective of improving this service and other services provided by us and affiliated companies
6) Service Development (Legitimate interests)
- New service development
- Service improvement
- System development, maintenance, and operation
7) Accounting (Legitimate interests, Performance of a contract, Compliance with legal obligation)
- For tax accounting, accounting, and billing relating to the provision of this and other services.
8) Business management (Legitimate interests, Compliance with a legal obligation)
- As data for business analysis, and usage in analysis results data
- Responding to disclosure request in accordance with Personal Information Protection Laws, and the personal information handling audit
- We disclose information when related to users of our service upon lawful request from domestic or foreign public institutions. (Compliance with a legal obligation)
- When a user makes a request for information, we provide information after having confirmed the identity of the user.(Legitimate interests, Performance of a contract)
Rights of Customers and Other Subjects Concerned
Each customer or the other subject concerned has the following rights regarding EU and UK personal data about himself or herself.
(1) Right to access to his or her own EU and UK personal data and other information relating to his or her personal data.
(2) Right to rectify inaccuracies of his or her EU and UK personal data without undue delay.
(3) Right to erase his or her EU and UK personal data without undue delay.
(4) Right to restrict processing of his or her EU and UK personal data.
(5) Right to receive EU and UK personal data provided by customers or other concerned subjects by himself or herself in a general format that is readable on computers, and right to transfer (i.e. data portability) the EU and UK personal data to other organizations in order for them to manage without hindering transferring process.
(6) Right to object to legitimate interest processing; and processing for direct marketing purposes.
(7) Right not to be subjected to assessments conducted or decisions made through automatic processing such as profiling that have serious impact including legal effects on individuals.
(8) Right to lodge a complaint with a supervisory authority.
See paragraph 13 below for details of how to exercise these rights.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving that marketing.
Third party marketing
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
International Transfer of EU and UK Personal Data
Whenever we transfer your personal data out of the UK or the European Economic Area, we ensure a similar degree of protection is afforded to it as under the GDPR by ensuring at least one of the following safeguards are implemented:
We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data. Japan has been recognised and determined as a country providing adequate data protection by the European Commission and the UK Government, and we manage EU and UK personal data of customers and other subjects concerned appropriately.
Where we use certain service providers which are not in countries that have been deemed to provide an adequate level of protection for personal data, we may use specific contracts and transfer mechanisms (such as standard contractual clauses and international data transfer agreements) approved for use which give personal data the same protection it has under the GDPR. If you require further information please contact us as stated below.
Archiving, Deletion, Disposal of EU and UK personal data
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
After the defined retention period has expired or the purpose of use has been achieved, we delete EU and UK personal data of customers and other subjects concerned without delay. In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
About Cookies and Other Similar Technologies
A cookie is a small file used to transmit information from this site to your browser. When you, as a customer or other visitor, visit this site again, the cookie helps you to use this site more conveniently and is stored in your personal computers/devices.
The stored information does not include information such as your name, your residential address, your phone number and your email address which can be used to identify an individual. A cookie also does not have negative effects on your computers/devices.
Cookie information that is collected from customers and other visitors will be transmitted to and stored in servers at Google LLC, Adobe Systems Incorporated and some other entities from our web servers and our outsourcing contractors such as cloud provider and IT service vendor. We also obtain statistical data concerning access information such as the number of accesses and stay period for this site from stored data by using the Google Analytics service, Adobe Analytics web analytics service that is provided by Adobe Systems Incorporated, and some other services. It is possible to block cookies, if you, as a customer or other visitor, change the settings of your web-browser. In such cases, your ability to use some of the functions of this site may be restricted. Please make contact with the developer and/or distributor of the web-browser that you are using for its setting procedure.
Group-wide Data Protection Officer and Group-wide Representative for EU and UK Personal Data
<Group-wide Data Protection Officer for EU and UK Personal Data (G-DPO)>
GMO Internet, Inc.,
Cerulean Tower 4-14F, 26-1 Sakuragaokacho, Shibuya-Ku, Tokyo, 150-8512 , Japan.
Email address: firstname.lastname@example.org
<Group-wide Representative for EU Personal Data>
JANSON BAUGNIET CVBA
E-mail address: email@example.com
<Group-wide Representative for UK Personal Data>
60 Gracechurch Street
London EC3V 0HR
DX 700 London City
E-mail address: firstname.lastname@example.org
You have the right to make a complaint at any time to the data protection supervisory authority in your country. The UK regulator for data protection issues is the Information Commissioner’s Office (https://ico.org.uk/). The details of the relevant authorities in other EU countries can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us in the first instance at the contact details above.
Disclosure and other requests of EU and UK personal data
Requests for disclosure, correction, addition, deletion, suspension of use, suspension of provision of third party, transferring (data portability) must be dealt with in the following manner. Please be aware that we will not accept requests by telephone, fax, email, verbally or by any method other than that laid out below. Please print out our prescribed form and fill in necessary information. After filling in, please enclose the necessary documents, and send them to the following address by registered mail:
Address: GMO Internet Group, Inc. Cerulean Tower 4-14F, 26-1 Sakuragaokacho, Shibuya ku, Tokyo, 150-8512, Japan.