This Japan Privacy Schedule supplements our General Privacy Notice and applies where the Act on the Protection of Personal Information of Japan applies to our processing of personal information.

For the purposes of this Privacy Schedule, “personal information”, “personal data”, “retained personal data”, “special care-required personal information” and related terms have the meanings given under Japanese law.

Otherwise, unless defined herein, capitalised terms in this Privacy Schedule shall be as defined in our General Privacy Notice.In particular, “Agency” and “Agency Group” refer to the specific agency, legal entity or group of entities responsible for the relevant processing, as described in the General Privacy Notice.

The business operator responsible for handling your personal information will usually be the Agency Group entity with which you or your organisation has a relationship, or which operates the relevant website, event or service.

You may contact us at: DPO@the-independents.com

Where required by Japanese law, details of the relevant entity, including its name, address and representative, will be provided separately or on request.Please see our General Privacy Notice for further details.

We may process the following categories of personal information:

Identity and contact information

Examples:
Name, employer, job title, business address, email address, telephone number, professional profile details

Business communications

Examples:
Emails, messages, meeting notes, event interactions and professional correspondence

Profile and relationship information

Examples:
Preferences, event attendance, interests, feedback, marketing preferences and relationship management notes

Technical and usage information

Examples:
IP address, browser type, device identifiers, website usage, cookie and analytics information

Compliance information

Examples:
Information used for sanctions, anti-bribery, KYC, onboarding, supplier/client screening and related checks

Financial and transaction information

Examples:
Invoicing details, payment information, purchase order details and transaction records

Other information

Examples:
Information you or your organisation provide to us in the course of business

We use personal information for the purposes described in our General Privacy Notice, including:

• managing our business relationship with you or your organisation;
• communicating with you;
• providing or receiving services;
• administering contracts, projects, accounts, procurement and payments;
• organising and managing events;
• conducting compliance, sanctions, anti-bribery, KYC and onboarding checks;
• sending business updates, invitations and marketing communications, where permitted;
• maintaining and improving our website, systems, services and operations;
• group administration, reporting and internal business operations;
• protecting our business, systems, staff, clients and partners;
• corporate transactions, reorganisations and integrations; and
• complying with legal, regulatory, tax, accounting and reporting obligations.

We will not use personal information beyond these purposes except where permitted by applicable law.

We do not usually seek to collect special care-required personal information from business contacts.

Where we process special care-required personal information, we will do so only where permitted by Japanese law and, where required, with your consent.

We may provide personal information to third parties as described in our General Privacy Notice, including:

• Agency Group and The Independents Group companies;
• IT, hosting, CRM, email, marketing, analytics and system administration providers;
• event partners and business partners;
• professional advisers;
• compliance screening providers;
• regulators, courts, public authorities and law enforcement bodies; and
• parties involved in corporate transactions, reorganisations or integrations.

Where required by Japanese law, we will obtain consent before providing personal data to a third party, unless an exception applies.

Because we are part of an international group, personal information may be transferred outside Japan to Agency Group entities, The Independents Group entities and service providers in other jurisdictions, including the EEA, UK, United States, Hong Kong, Singapore, Korea, PRC / Mainland China, Switzerland, UAE and other jurisdictions in which we or our service providers operate.

Where required by Japanese law, before transferring personal data to a third party outside Japan, we will obtain consent or rely on another permitted transfer mechanism. Where required, we will provide information about the recipient country, the data protection system in that country and the measures taken by the recipient to protect personal data.

You may contact us for further information about overseas transfers.

Where permitted by Japanese law, personal information may be jointly used within Agency Group and The Independents Group for the purposes described in this Privacy Schedule.

Categories of jointly used personal information
Identity and Contact Data, Business Communications, Profile Data, Technical Data, Due Diligence and Compliance Data, Financial and Transaction Data and other relevant business contact information

Scope of joint users
Agency Group companies and The Independents Group companies

Purposes of joint use
Business relationship management, service delivery, group administration, reporting, marketing, compliance, internal operations, systems management and corporate transactions

Entity responsible for joint use
The relevant Agency Group entity with which you or your organisation has a relationship, or such other group entity identified to you where required

Contact
DPO@the-independents.com

Where Japanese law requires more specific information about the responsible entity, including its name, address and representative, this will be provided in the General Privacy Notice, a separate Japan local notice, on our website or otherwise as required by Japanese law. Please see our General Privacy Notice for further details.

We take appropriate security control measures to protect personal information from unauthorised access, loss, destruction, alteration, leakage or disclosure.

These measures may include access controls, confidentiality obligations, staff training, internal policies, technical security measures, vendor management, incident response procedures and other organisational, technical and administrative safeguards.

Further information about our security control measures is available on request, subject to protection of security-sensitive information.

We retain personal information only for as long as reasonably necessary for the purposes for which it was obtained, including to manage business relationships, provide or receive services, administer projects, accounts and events, maintain business records, comply with legal, regulatory, tax, accounting and reporting obligations, resolve disputes and protect our legal rights.

In general: