Privacy Policy

Last Updated and Effective: September 4, 2023
Updated: April 6, 2023
Updated: January 12, 2023
Updated: April 1, 2022
Updated: November 1, 2021
Updated: July 16, 2020
Updated: January 14, 2020
Updated: October 31, 2018
Updated: May 25, 2018
First Published: March 4, 2016

Introduction.

The purpose of this Privacy Policy is to describe how VisasQ Inc. and its affiliated companies (“VisasQ” or “we” or “us”) collects, uses, and shares information about you generally, including through VisasQ’s online interfaces (e.g., websites and online portals) owned and controlled by us, including https://visasq.co.jp and https://service.visasq.com (collectively referred to herein as the “Site”; all such data “Personal Data”).

We may modify this Privacy Policy and if any material changes are made to it, we will provide notice through our services or by other means to provide you the opportunity to review the changes before they become effective.

You acknowledge that your continued use of the Site after we publish or send a notice about our changes to this Privacy Policy means that the collection, use, and sharing of your Personal Data is subject to the updated Privacy Policy.

Data this Privacy Policy Covers.

This Privacy Policy covers Personal Data, including through our Site. Some of our Site’s functionality can be used without revealing any Personal Data, though for some features, Personal Data is required. In order to access certain features on our Site, you may need to submit or we may collect, Personal Data. Personal Data does not include information that is anonymized.

Personal Data We Collect Related to Your Use of Our Website.

We may track, collect, and aggregate information from your use of the Site, through the use of cookies or otherwise, indicating, among other things, which pages of our Site were visited, the order in which they were visited, when they were visited, and which hyperlinks were clicked. We also collect your IP address and standard log information, such as your browser type and operating system.

Personal Data We Collect Provided Directly by You or by Third Parties.

We collect Personal Data that you provide to us when you register for an account, update or change information on your account, use our services, send e-mail messages, and / or participate in other services on our Site. During registration and later on our platform, we may collect Personal Data such as your real name, alias, e-mail address, phone number, postal address, current or past job history, unique personal identifier, online identifier, IP address, account name, payment account information, Social Security number, driver’s license number, or other similar information. We may also create Personal Data about you, such as records of your interactions with us, our clients, or our Experts, or from third parties that provide us with it or access to it.

How We Use Your Personal Data.

We may use your Personal Data for various purposes, subject to applicable law, including to:

From time to time, we may use your e-mail address to send you information and keep you informed of products and services in which you might be interested. You may at any time elect to stop receiving such emails. Your contact information may also be used to reach you regarding issues concerning your use of the Site, including changes to this Privacy Policy.

How We May Share Personal Data.

We may, for legitimate business purposes, disclose your Personal Data to other parties, including:

We may disclose your Personal Data to a third party if we believe in good faith that such disclosure is necessary or desirable (i) to comply with lawful requests, subpoenas, search warrants, or orders by public authorities, including to meet national security or law enforcement requirements, (ii) to address a violation of the law,(iii) to protect the rights, property, or safety of VisasQ, its users or the public, or (iv) to allow VisasQ to exercise its legal rights or respond to a legal claim.

If we engage a third party to process your Personal Data, that party will (i) only process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data, together with any additional requirements under applicable law.


For Residents of Japan Only:

This Privacy Notice for Residents of Japan supplements the information contained in VisasQ’s Privacy Policy and applies solely to Site visitors, users of or participants in our services, and others who reside in Japan ("consumers" or "you"). We adopt this notice to comply with the Act on the Protection of Personal Information, Act No. 57 of 2003, Japan (the "Personal Information Protection Act") and any terms defined in the Personal Information Protection Act will have the same meaning when used in this notice.


Handling of Personal Information

1. Collection of Personal Information

We may collect the following Personal Information. Channels for collecting Personal Information described in i., ii., and iii. below include your provision to us and our acquisition of information made public by you on sources such as the Internet.

  1. Personal Information about individual members of our expert network (“Experts”), visitors to our Site, and officers or employees of corporate members (except Client) who use the Services (as defined below):
    1. Name
    2. E-mail address
    3. Telephone number
    4. Education and career history
    5. Address (including country of residence information)
    6. User ID of SNS etc.
    7. Date of birth
    8. Passport number, driver’s license number, other individual identification number
    9. Registration number in the qualified invoice-based system (Invoice System)
    10. Facial image information
    11. Bank account
    12. Country of issuance of credit cards
    13. Usage history for services we provide (the "Services")
    14. Output of questionnaires and surveys that Experts answered
    15. Behavioral history for our websites
    16. IP address

    We do not collect "credit card number, etc." (Article 35-16, Paragraph 1, main paragraph of the Japanese Installment Sales Act).

  2. Personal Information about officers or employees of our clients and their authorized users, including potential clients (“Clients”), and employees and officers of vendor corporations we have a business relationship with:
    1. Name
    2. E-mail address
    3. Telephone number
    4. Company name, department, title
    5. User ID of SNS etc.
    6. Usage history for the Services
    7. Behavioral history for our websites
  3. Personal Information about individuals (excluding Experts and individuals who use our service set forth in i. above) and officers or employees of corporations (excluding corporate members set forth in i. above and Clients or corporations which use the Services set forth in ii. above) that we have business relationship:
    1. Name
    2. E-mail address
    3. Telephone number
    4. User ID of SNS etc.
  4. Personal Information about our shareholders:
    1. Name
    2. Address
  5. Personal Information about persons engaged in recruitment activities, applicants for employment, participants or applicants of internships:
    1. Name
    2. E-mail address
    3. Telephone number
    4. Education and career history
    5. Date of birth
    6. Address
    7. User ID of SNS etc.
  6. Personal Information about retirees:
    1. Name
    2. E-mail address
    3. Telephone number
    4. Education and career history
    5. Date of birth
    6. Address
    7. User ID of SNS etc.
  7. Personal Information about individual user who made request for materials, applied for seminars, or uses request form:
    1. Name
    2. E-mail address
    3. Telephone number

2. Purposes

We identify purposes of the collected Personal Information as follows.

  1. Personal Information about Experts, regardless of individual members or corporate members (including Clients), and officers or employees of corporations which use the Services (including potential clients). (1.i. and 1.ii.)
    1. Deliver the Services (including responses to inquiries regarding the Services and responses to matters required under the Terms& Conditions applicable to the Services) in relation to you
    2. Analyze and assess improvements, expansions, other changes to the Services
    3. Distribute notifications, e-mail newsletters, and other notices regarding the Services
    4. Develop and analyze statistical data and other marketing
    5. Develop and assess new services
    6. Advertise products and services of ours or a third party's
    7. Implement campaigns, questionnaires, monitors, interviews, etc.
    8. Matching with your registered name or trade name on the Publication Site of Qualified Invoice Issuer regarding Invoice System maintained by National Tax Agency, and determination of your country of residence
    9. Disclosure to third parties set forth in section “5. Disclosure to third parties in or out of Japan”.
  2. Personal Information about individuals that we have business relationship (excluding individual member set forth in 1.i. and other individuals that use the Services) and officers or employees of vendor corporations (excluding Clients) (1.iii.)
    1. Communication regarding transactions with us, performance of contracts, management of transactions, and management of revenues and expenditures
    2. Matching with your registered name or trade name on the Publication Site of Qualified Invoice Issuer regarding Invoice System maintained by National Tax Agency, and determination of your country of residence
  3. Personal Information about shareholders (1.iv.)
    1. Exercise rights and perform obligations under the Japanese Companies Act
    2. Operate and record general meetings of shareholders
    3. Offer benefits to shareholders
    4. Deliver measures to facilitate relations with shareholders
    5. Manage shareholders such as preparing data pursuant to laws and regulations
  4. Personal Information about persons engaged in recruitment activities, applicants for employment, participants or applicants of internships (1.v.)
    1. Deliver information to persons engaged in recruitment activities, applicants for employment, participants or applicants of internships, and other recruitment related use
  5. Personal Information about retirees (1.vi.)
    1. Administrative matters and communication after retirement
  6. Personal Information about individual user who made request for materials, applied for seminars, or uses request form (1.vii.)
    1. Reply to inquiries to us by request form
    2. Delivery of information about the Services, email newsletters or other information
    3. Advertisement of products or services of ours or third party’s

3. Entrusted handling of Personal Data

We are not contracted for the purpose of processing Personal Data for other individual or entities.

4. Entrustment of the handling of Personal Data

We may engage third party service providers to process Personal Data to the extent necessary to achieve any of the purposes above on our behalf and in accordance with our instructions and supervision in order to ensure Personal Data is safely and properly processed and managed.

In cases of entrustment to any third party in a foreign country (a country or region outside Japan), we will not conduct such entrustment without the prior consent of the principal, except as permitted by law.

With respect to the handling of Personal Data, we may use external services, such as cloud services, provided by a third party (including a third party in a foreign country). In this case, if we can confirm (i) that it is stipulated in the agreement with such external services provider or other rules of such provider including terms of use that such provider will not handle Personal Data and (ii) that such provider implements proper access control, then we will handle Personal Data deeming that such case does not fall under third-party-provision or entrustment. Even in such case, we will implement the actions provided in “8. Security management of Personal Data.”

5. Disclosure to third parties in or out of Japan

We will not provide Personal Data to any third party in Japan without obtaining the prior consent of the principal except as set forth below. Further, we will not provide Personal Data to any third party in any foreign country without obtaining the prior consent of the principal except as set forth in i. through vi. and x. below.

  1. When we provide information about Experts or other individuals who use the Services to Clients, corporate members (including Clients), other corporations that use or have possibility to use the Services (including corporations that have requested us materials or have joined seminars hosted by us) and users of our website.
  2. When we provide information about officers or employees of corporate members (including Clients) or other organizations that use the Services to our Experts or other individuals that uses the Services.
  3. When pursuant to laws and regulations
  4. Cases in which provision of Personal Data is necessary to protect your life, body, or property and in which it is difficult to collect your consent
  5. Cases in which provision of Personal Data is especially necessary to improve public health or promote sound growth of children and in which it is difficult to collect your consent
  6. Cases in which state or local governments, or those contracted by them need to cooperate in performing duties prescribed by laws and regulations and in which collecting consent of the person is likely to impede such performance
  7. Cases in which Personal Data is disclosed in relation to engagement of third party service providers to the extent necessary to achieve any of the purposes above.
  8. Cases in which Personal Data is disclosed in relation to succession of business in a merger or otherwise.
  9. Cases in which Personal Data is shared in accordance with "6. Joint use of Personal Data"
  10. Otherwise permitted by laws and regulations

In addition, we may disclose information in a state where it is impossible to identify individuals such as statistical data.

Actions to be taken by us in the cases where Personal Data is transferred to a third party which is in a foreign country and which has established a system that enables it to continuously conduct necessary actions equivalent to those which are required to Personal Information handling business operator (“Equivalent Actions”) will be described in “7. Matters Related to Our Actions concerning a Third Party in a Foreign Country.”

6. Joint use of Personal Data

We jointly use Personal Data as follows:

  1. Items of Personal Data that may be used jointly: items described in 1.i., 1.ii., and 1.iii. above
  2. Scope of joint users: our affiliate companies (click here for details)
  3. Purpose of use for joint users: purpose described in 2.i. and 2.ii. above
  4. Person responsible for managing such Personal Data: VisasQ Inc.
    Please refer to this page for the representative and address.

7. Matters Related to Our Actions concerning a Third Party in a Foreign Country

If we transfer Personal Data to a third party which is in a foreign country and is a person establishing a system conforming to standards necessary for continuously taking Equivalent Actions, we will take the following actions to ensure continuous implementation of Equivalent Actions.

    Name of recipient business operator: VISASQ SINGAPORE PTE.LTD.

    Country of Location: Singapore

    System of the Country: https://www.ppc.go.jp/files/pdf/singapore_report.pdf

Purpose: To entrust tasks concerning the development and operation of our services.

    Outline of Action: We have executed an agreement concerning entrustment with the recipient business operator and have thereby imposed obligations upon the business operator to ensure continuous implementation of Equivalent Actions regarding the handling of Personal Information.

    Name of recipient business operator: Coleman Research Group, Inc.

    Country of Location: The United States of America

    System of the Country: https://www.ppc.go.jp/files/pdf/USA_report.pdf

Purpose: To entrust tasks concerning the development and operation of our services.

    Outline of Action: We have obtained, from the recipient business operator, representations and warranties concerning technical and systematic actions on Personal Information and have imposed obligations upon the business operator to ensure the continuous implementation of Equivalent Actions regarding the handling of Personal Information. Further, the recipient business operator is certified by the international standard (ISO27001/ISAE3402TypeⅡ) concerning privacy protection.

    Name of recipient business operator: Coleman Research Limited

    Country of Location: The United Kingdom of Great Britain and Northern Ireland

    Purpose: To entrust tasks concerning the development and operation of our services.

    Outline of Action: We have obtained, from the recipient business operator, representations and warranties concerning technical and systematic actions on Personal Information and have imposed obligations upon the business operator to ensure the continuous implementation of Equivalent Actions regarding the handling of Personal Information. Further, the recipient business operator is certified by the international standard (ISO27001/ISAE3402TypeⅡ) concerning privacy protection.

    Name of recipient business operator: VISASQ HONG KONG LIMITED.

    Country of Location: Hong Kong

    System of the Country: https://www.ppc.go.jp/files/pdf/hongkong_report.pdf

Purpose: To entrust tasks concerning the development and operation of our services.

    Outline of Action: We have obtained, from the recipient business operator, representations and warranties concerning technical and systematic actions on Personal Information and have imposed obligations upon the business operator to ensure the continuous implementation of Equivalent Actions regarding the handling of Personal Information. Further, the recipient business operator is certified by the international standard (ISO27001/ISAE3402TypeⅡ) concerning privacy protection.

    Name of recipient business operator: Okta,Inc.

    Country of Location: The United States of America

    System of the Country: https://www.ppc.go.jp/files/pdf/USA_report.pdf

Purpose: For user authentication using Auth0 service provided by the recipient business operator.

    Outline of Action: We have executed an agreement with the recipient business operator, thereby stipulating relevant matters including that (i) Personal Data will be handled within the scope of a specified purpose of use, (ii) necessary and appropriate actions for security management will be taken, (iii) necessary and appropriate supervision over its employees will be exercised, (iv) subcontracting is prohibited, and (v) third-party provision of Personal Data is prohibited, and ensure the continuous implementation of Equivalent Actions concerning the handling of Personal Information. Further, the recipient business operator is certified by the international standard (ISO/IEC 27018) concerning privacy protection.

    (For your reference) Document on security and privacy for Auth0

    https://www.okta.com/sites/default/files/2022-03/security-privacy-documentation-auth0-platform-_jp_en-ja.pdf


    Name of recipient business operator: FullStory, Inc.

    Country of Location: The United States of America

    System of the Country: https://www.ppc.go.jp/files/pdf/USA_report.pdf

    Purpose: To measure usage status from factors including behavioral patterns on our website.

    Outline of Action: We have executed an agreement with the recipient business operator, thereby stipulating relevant matters including that (i) Personal Data will be handled within the scope of a specified purpose of use, (ii) necessary and appropriate actions for security management will be taken, (iii) necessary and appropriate supervision over its employees will be exercised, (iv) subcontracting is prohibited, and (v) third-party provision of Personal Data is prohibited, and ensure the continuous implementation of Equivalent Actions concerning the handling of Personal Information. Further, the recipient business operator is certified by the international standard (ISO27001/SOC2 (Type II)) concerning privacy protection.

    (For your reference) Document on security and privacy

    https://www.fullstory.com/privacy-resources/


    Name of recipient business operator: Mixpanel, Inc.

    Country of Location: The United States of America

    System of the Country: https://www.ppc.go.jp/files/pdf/USA_report.pdf


    Purpose: To measure usage status from factors including channels onto our website and information on browsers and devices used.

    Outline of Action: We have executed an agreement with the recipient business operator, thereby stipulating relevant matters including that (i) Personal Data will be handled within the scope of a specified purpose of use, (ii) necessary and appropriate actions for security management will be taken, (iii) necessary and appropriate supervision over its employees will be exercised, (iv) subcontracting is prohibited, and (v) third-party provision of Personal Data is prohibited, and ensure the continuous implementation of Equivalent Actions concerning the handling of Personal Information. Further, the recipient business operator is certified by the international standard (ISO27001/SOC2 (Type II)) concerning privacy protection.

    (For your reference) Document on security and privacy

    https://mixpanel.com/legal/privacy-policy/


    Name of recipient business operator: Intercom, Inc

    Country of Location: The United States of America

    System of the Country: https://www.ppc.go.jp/files/pdf/USA_report.pdf

    Purpose: To provide notifications and chatting functions, based on visiting status to our website and other factors.

    Outline of Action: We have executed an agreement with the recipient business operator, thereby stipulating relevant matters including that (i) Personal Data will be handled within the scope of a specified purpose of use, (ii) necessary and appropriate actions for security management will be taken, (iii) necessary and appropriate supervision over its employees will be exercised, (iv) subcontracting is prohibited, and (v) third-party provision of Personal Data is prohibited, and ensure the continuous implementation of Equivalent Actions concerning the handling of Personal Information.

    (For your reference) Document on security and privacy

    https://www.intercom.com/legal/privacy


    Name of recipient business operator: Zendesk, Inc.

    Country of Location: The United States of America and the Commonwealth of Australia

    System of the Country: https://www.ppc.go.jp/files/pdf/USA_report.pdf

    https://www.ppc.go.jp/files/pdf/australia_report.pdf

    Purpose: To provide contact and inquiry function.

    Outline of Action: We have executed an agreement with the recipient business operator, thereby stipulating relevant matters including that (i) Personal Data will be handled within the scope of a specified purpose of use, (ii) necessary and appropriate actions for security management will be taken, (iii) necessary and appropriate supervision over its employees will be exercised, (iv) subcontracting is prohibited, and (v) third-party provision of Personal Data is prohibited, and ensure the continuous implementation of Equivalent Actions concerning the handling of Personal Information. Further, the recipient business operator is certified by the international standard (ISO27001/SOC2 (Type II)) concerning privacy protection.

    (For your reference) Document on security and privacy

    https://www.zendesk.co.jp/company/agreements-and-terms/privacy-notice/

    Name of recipient business operator: Marketo, Inc.

    Country of Location: The United States of America and the Republic of India

    System of the Country: https://www.ppc.go.jp/files/pdf/USA_report.pdf

    https://www.ppc.go.jp/files/pdf/india_report.pdf

    Purpose: To centrally manage information such as inquiries, email notifications, seminar participation status, and visiting status of our website.

    Outline of Action: We have executed an agreement with the recipient business operator, thereby stipulating relevant matters including that (i) Personal Data will be handled within the scope of a specified purpose of use,(ii) necessary and appropriate actions for security management will be taken, (iii) necessary and appropriate supervision over its employees will be exercised, (iv) subcontracting is prohibited, and (v) third-party provision of Personal Data is prohibited, and ensure the continuous implementation of Equivalent Actions concerning the handling of Personal Information.

    (For your reference) Document on security and privacy

    https://www.adobe.com/privacy/policy.html?id=cookie-policy

8. Security management of Personal Data

We will keep Personal Data accurate and up-to-date to the extent necessary to achieve any of the purposes above, and will strive to delete Personal Data without delay which we no longer need to use.

In addition, in order to prevent unauthorized access to Personal Data, from loss, destruction, damage, falsification, and leakage, we will implement necessary measures such as maintenance of security systems,development of management systems, and thorough employee education,and safety measures to strictly control Personal Data.
Details of safety management measures are as follows.

(Formulation of Basic Policies)

In order to ensure the proper handling of Personal Data, "Handling of Personal Information" was formulated as a basic policy for "compliance with relevant laws and guidelines" and "consultation and complaint inquiries regarding Personal Information."

(Development of Disciplines on the Handling of Personal Data)

Formulation of Personal Information Handling Regulations and Safety Management Regulations that stipulate handling methods, persons in charge, and their duties at each stage of acquisition, use, storage, provision, deletion, disposal, etc. of Personal Data.

(Organizational Safety Management Measures)

  1. Establish a person in charge of the handling of Personal Data, clarify the scope of Personal Data handled by employees handling Personal Data, and establish a communication system for reporting in emergencies, etc.
  2. In addition to conducting periodic self-inspections of the status of Personal Data handled by other departments conducting audits by certification bodies

(Measures for Human Security Management)

  1. Periodic training for employees on matters to be noted regarding the handling of Personal Data
  2. Matters concerning the confidentiality of Personal Data are described in the Work Rules.

(Physical Safety Management Measures)

  1. In areas where Personal Data is handled, restrictions are imposed on equipment used for employee access control and work, and measures are taken to prevent unauthorized persons from viewing Personal Data.
  2. Measures shall be taken to prevent theft or loss of equipment, electronic media, documents, etc. handling Personal Data, and measures shall be taken to prevent Personal Data from being easily identified when such equipment, electronic media, etc. are carried.

(Technical Safety Management Measures)

  1. Implement access control to limit the scope of persons in charge and Personal Information databases handled
  2. Introduced a mechanism to protect information systems that handle Personal Data from unauthorized access from outside sources or from unauthorized software.

(Understanding of External Environments)

In the case that the country to which the Personal Data is transferred is a country that does not have a personal information protection system that is equivalent to that required in Japan, we will grasp the personal information protection system in such country and implement necessary security management measures. As to actions to be taken in the case in which Personal Data is provided to a person which has established a system that enables it to continuously conduct Equivalent Actions, are described in “7. Matters Related to Our Actions concerning a Third Party in a Foreign Country”.

9. Purposes of Personal Data in our Possession

The purposes of Personal Data in our possession are the same as described in “2. Purposes” above.

10. Disclosure or Correction of Personal Data in our Possession

We will respond to request by you or your agent, with respect to Personal Data in our possession, of notification, disclosure or change etc. (correction of contents, addition or deletion) of the purposes, stop of usage etc. (stop of usage or deletion,) and stop of provision to a third party in accordance with laws. Please emailing us at: [email protected]. When you request the procedure above, please provide us with the followings to verify your or your agent’s identity:

  1. Copy of driver’s license, passport (which clearly states name, address of yours or your agent’s or certificate of residence ("jyumin-hyo”) which was issued with 30 days prior to the request)

In the case of agent:

  1. Document which proves the authority of agent
  2. In the case of lawyer, document which shows registration number of the lawyer.

We will charge you JPY1,000 for notification of purposes or disclosure request per request. Please pay to the bank account designated by us. Bank transfer fee for such payment shall be paid by you. In the case of requests which require a lot of our work, we may charge you extra fee subject to our prior fee quotation.

11. Cookies

We may track, collect, and aggregate information from your use of the Site, through the use of cookies or otherwise, indicating, among other things, which pages of our Site were visited, the order in which they were visited, when they were visited, and which hyperlinks were clicked. We also collect your IP address and standard log information, such as your browser type and operating system. Cookie Information may be tied to the above-mentioned Personal Information. The purpose of using Cookie Information when tied to Personal Information is handled in accordance with the above-mentioned purpose in addition to the use described in Cookie Policy.

12. Changes to this Privacy Policy

We may modify this Privacy Policy and if any material changes are made to it, we will provide notice through our services or by other means to provide you the opportunity to review the changes before they become effective.

You acknowledge that your continued use of the Site after we publish or send a notice about our changes to this Privacy Policy means that the collection, use, and sharing of your Personal Data is subject to the updated Privacy Policy.

13. Scope of this Privacy Policy

This Privacy Policy applies to collection, use or sharing of Personal Information in the Services. This Privacy Policy does not apply to collection, use or sharing of Personal Information on third party websites and services which are linked from the Services. We are not responsible or liable for collection, use or sharing of Personal Information on third party websites and services.

14. Personal Information Handling Business Operator

VisasQ Inc.
Please refer to this page for the representative and address.

15. Title and Department of Person in Charge for Management of Personal Data

Legal and Compliance Team; Personal Data Protection Administrator

16. Contact information

Please contact Personal Information Desk below for any opinions, questions, objections, complaints,or other inquiries regarding Personal Information:

<Personal Information Complaint Consultation Desk>

Sumitomo Fudosan Aobadai Hills 9F,
4-7-7 Aobadai, Meguro-ku, Tokyo 153-0042, Japan
Personal Data Protection Administrator, VisasQ Inc.
E-mail: [email protected]
Hours: Weekdays 10:00-17:00(JST)

17. Governing Law and Jurisdiction

The governing law of this Privacy Notice for Residents of Japan is Japanese law. The Tokyo District Court shall be the court of exclusive jurisdiction in the first instance.

With respect to Personal Information about residents out of Japan, in addition to the Personal Information Act of Japan, we will comply with such applicable laws and regulations on protection of Personal Information as equivalent to the Personal Information Act of Japan.

18. PrivacyMark

We are certified user of “PrivacyMark”. PrivacyMark is certification system which allows a certain entity to use PrivacyMark, subject to evaluation and certification by third party certification body as an entity which takes appropriate measures to protect Personal Data.

Certification Body: JIPDEC


For Residents of the European Economic Area (EEA) and United Kingdom (UK) Only:

This Privacy Notice for EEA and UK Residents supplements and should be read in conjunction with the information contained in VisasQ’s Privacy Policy and applies solely to Site visitors, users of or participants in our services, and others who reside in the EEA. VisasQ is the data controller with respect to your Personal Data (“Controller”). The Controller is the entity that determines how and why Personal Data are processed. VisasQ retains your Personal Data until either it is no longer necessary for the purpose for which it was collected, you withdraw consent to process your data, or no other legal basis for processing exists. VisasQ’s address is Sumitomo Fudosan Aobadai Hills 9F, 7-7, Aobadai 4-chome, Meguro-ku, Tokyo, 153-0042 Japan, and you can contact VisasQ via e-mail at [email protected].

Legal Basis for Data Processing. As explained above, we use your Personal Data in various ways depending on your use of the Site and/or participation in VisasQ’s services. We may process your Personal Data in reliance upon one or more of the following legal bases, depending on the circumstances:(1) with your consent;(2) as necessary to perform our agreement to provide services;(3) where required by applicable law;(4) where necessary to protect the vital interests of any individuals; or (5) where we have a legitimate interest.

Transfers of Personal Data. Personal Data we collect may be transferred to, and stored and processed in, Japan or any other country in which we, our affiliates, or third parties with whom we engage in order to provide our services maintain facilities. We will ensure that transfers of Personal Data to a third country or an international organization are subject to appropriate safeguard as described in Article 46 of the General Data Protection Regulation.

Right to Access and Correct Personal Data. You can access your Personal Data and confirm that it remains correct and current by logging into the Site. You have the right to request access to your Personal Data and to receive a copy of your Personal Data, as well as certain information about our processing activities with respect to your Personal Data. You have the right to request correction or completion of your Personal Data if it is inaccurate or incomplete. You have the right to restrict our processing if you contest the accuracy of the data we hold about you, for as long as it takes to verify its accuracy. If you are a current VisasQ client or a current member of our expert network and would like a copy of your Personal Data, please send an e-mail to: [email protected].

Right to Personal Data Portability. Where technically feasible, you can request that your Personal Data be transmitted directly from VisasQ to another data controller in a structured, commonly used, and machine-readable format. If you would like to request your Personal Data to be ported, please send an e-mail to: [email protected].

Right to Request Data Erasure. You have the right to have your data erased from our Site if (i) the data is no longer necessary for the purpose for which it was collected, (ii) you withdraw consent and no other legal basis for processing exists, or (iii) you believe your fundamental rights to data privacy and protection outweigh our legitimate interest in continuing the processing. Your Personal Data will generally be erased from the Site without undue delay and will be anonymized in order to be able, if necessary, to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our Terms and Conditions or agreements, or fulfill your request to “unsubscribe” from further messages from us. If you would like to request the erasure of your Personal Data from our Site, please send an e-mail to: [email protected].

Right to Withdraw Consent. Where we process your Personal Data on the basis of your consent, you have the right to withdraw consent. If you would like to withdraw your consent to the processing of your Personal Data, please send an e-mail to: [email protected].

Right to Lodge Complaint. You have the right to lodge a complaint with the appropriate relevant data protection supervisory authority in your EEA country of residence, found here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm


For Residents of the State of California Only:

Effective January 12, 2023

This Privacy Notice for California Residents supplements the information contained in VisasQ’s Privacy Policy and applies solely to Site visitors, users of or participants in our services, and others who reside in the State of California ("consumers" or "you"). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA) (collectively referred to in this policy as “CCPA”). Any terms defined in the CCPA will have the same meaning when used in this notice.

Information We Collect. Our Site collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device ("personal information"). VisasQ collects information from five personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). VisasQ’s Site has collected the following categories of personal information from its consumers within the last twelve (12) months:

Data Categories: General Examples: (these lists do not represent the data points VisasQ actually collects) Data we Collect: Third Parties we Share Data With:
Identifiers A real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, Social Security number, driver’s license number, or other similar identifiers. Real name, alias, postal address, unique personal identifier, online identifier, IP address, email addresses directly provided to VisasQ, account name, country of residence, postal code, time zone, and the account user name used on our VisasQ website, or other similar identifiers. VisasQ shares personal identifiers with our Clients for the purposes of providing our services.
Records information described in subdivision (e) of Section 1798.80 Insurance policy number, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. A name, signature, Social Security number, address, telephone number, passport number, driver’s license or state identification card number, employment, employment history, and bank account numbers for consumers who will be paid for their participation in our services. Some personal information included in this category may overlap with other categories. VisasQ shares bank account information with third parties for the purposes of processing payments to consumers participating in our services.
Commercial Information Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. N/A
Internet or other similar network activity Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. We automatically collect information on interactions with VisasQ’s website. We collect information on consumers’ interactions with our service application during the course of their participation in our services. VisasQ shares voluntarily and directly provided internet or similar network activity information with our Clients for the purposes of providing our services when authorized by the consumer to do so. VisasQ may share automatically collected information with third parties as necessary to facilitate a consumer’s voluntary participation in the provision of our services (e.g. cloud service providers, payment processors, etc.).
Professional or employment-related information. Current or past job history, performance evaluations, disciplinary records, workplace injury records, disability accommodations, and complaint records. Current and past job history, professional qualifications and third-party relationships or affiliations. VisasQ shares professional or employment-related information with our Clients for the purposes of providing our services.

VisasQ obtains the categories of personal information listed above from the following categories of sources:

Personal information does not include:

Use of Personal Information. In addition to the stated uses set forth above, we may use, or disclose the personal information we collect for any purpose described to you when collecting your personal information or as otherwise set forth in the CCPA.

Sharing of Personal Information. VisasQ may disclose your personal information to third parties for purposes consistent with the business purpose for which it was collected. In the preceding twelve (12) months, VisasQ has disclosed the following categories of personal information for a business purpose:

Sale of Personal Information. In the preceding rolling twelve (12) months, VisasQ has not sold personal information.

Sensitive Personal Information:
VisasQ may collect the following items of sensitive personal information from Experts:

Data Categories: Data we Collect: Purposes for Which Data is Used: Whether Data is Sold or Shared:
A consumer’s social security, driver’s license, state identification card, or passport number. Social Security numbers and driver’s license numbers provided directly and voluntarily by Experts in order to participate in the provision of our services. Social security and driver’s license numbers may be used to verify the identity of an Expert. VisasQ does not sell or share sensitive personal information about consumers.

Retention and Opt-Out Procedures. By agreeing to our Privacy Policy you will have opted in to the sharing of your personal information as described herein. VisasQ will retain your information only for as long as is necessary for the purposes set out in this policy, for as long as your account with VisasQ is active, or as needed to provide our services to you. If you no longer want VisasQ to use your information you may notify us to disable your Expert profile and delete your personal information. In the event that you provide us notice of such request (see Exercising Access, Data Portability, Correction, and Deletion Rights), VisasQ will only retain and use your information to the extent necessary to comply with our legal obligations.

Your Rights and Choices Related to Personal Information. The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights. You have the right to request that VisasQ disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:

Correction of Inaccurate Personal Information. You have the right to ask us to correct inaccurate or incomplete personal information about you. Upon our receipt of your verifiable consumer request to correct inaccurate personal information, we will use commercially reasonable efforts to verify and correct the inaccurate personal information.

Deletion Request Rights for Personal Information. You have the right to request that VisasQ delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
  7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  8. Comply with a legal obligation.
  9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights. To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.

We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

Request Response Timing and Format. We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  1. Deny you goods or services.
  2. Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  3. Provide you a different level or quality of goods or services.
  4. Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
  5. However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.