Data Protection Information according to Art. 13, 21 GDPR
1.Who is responsible for processing of personal data
Controller of the processing of personal data is:
Grace & Mercy Foundation Japan,
2-1-1 Nishi Shinjuku, Shinjuku-ku, Tokyo Shinjuku Mitsui Building 4507
2.What we process
We process personal data provided by you or data that is automatically processed while using the Grace & Mercy Foundation Japan App. The personal data we process are:
•When contacting us (e.g. via email), we process the contact data you use for contacting us (e.g. your email address) and any personal data disclosed in the message itself (e.g. your name).
3.For what purpose and on what legal basis do we process personal data
We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) for the following purposes.
We process the personal data in order to send you messages about usage of the Grace & Mercy Foundation Japan App and to allow you to continue listening to the chapter you last listened to at the timestamp you stopped listening.
This processing is part of the functionalities of the Grace & Mercy Foundation Japan App and part of our service to you. Therefore we process the personal data to execute a contract with you, Art. 6 (1) lit. b GDPR. To the extent we send you messages this is to notify you of updates and similar content. It is in our legitimate interest to notify you about such optimizations, Art. 6 (1) lit. f GDPR.
Furthermore, we process personal data when you contact us (e.g. via email). The purpose and our legitimate interest of processing your personal data when contacting us is to answer your enquiry and, if applicable, follow-up questions. This processing is based on Art. 6 (1) f. GDPR.
4.Who receives your personal data
Service providers employed by us (processors, see Art. 4 No. 8 GDPR) may receive and process personal data on our behalf. We use the following processors or categories of processors:
•IT service providers
We do not share personal data with third party controllers (see Art. 4 No. 7 GDPR).
5.Transfer of personal data to a Third Country
We transmit your personal data to third countries outside of the European Economic Area (EEA), namely Japan.
Japan is a third country with an adequate level of data protection according to European Commission adequacy decision of 23 January 2019.
6.For how long do we process personal data
We process your personal data as long as they are necessary for the specific processing purposes. As a matter of principle, we store your personal data for the duration of the usage process, unless storage beyond this period is necessary to fulfil the respective processing purposes. In this case we store your personal data as far as this is necessary for the fulfilment of the respective processing purpose.
In particular, we store information relating to the device token and push token until you uninstall the Grace & Mercy Foundation Japan App. For your personal data that you disclose to us when you contact us via email, etc., we will store such personal data until your request is completed.
Every data subject has the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR). To exercise those rights, you can contact us under the contact information given in section 1.
If the processing of personal data is based on your consent, you can withdraw it at any time. The withdrawal should, if possible, be directed to the bodies mentioned in section 1.
In addition, if you are of the opinion that the processing of your personal data is unlawful, you have the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR). This right to complain is without any prejudice to any other administrative or judicial remedy.
8.Representative in the European Union
Pursuant to Article 27 of the General Data Protection Regulation (GDPR), we have appointed European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR by:
Information about your right to object in accordance with Art. 21 General Data Protection Regulation (GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you on the basis of Art. 6 (1) lit. f GDPR (processing of personal Data based on a balancing of interests); this includes profiling based on those provisions (Art. 4 No. 4 GDPR).
Should you decide to object the processing, we will stop to process personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the purpose of establishment, exercise or defence of legal claims.
The objection is not subject to any form. Ideally, it should be lodged at the bodies mentioned in section 1.