This Privacy Policy describes how we collect, store, use and protect your personal data and informs you of your privacy rights. Please read this privacy policy carefully before using this website, using our services, or contacting us.

If you do not want your personal data to be used as set out in this Privacy Policy, please do not provide us with your personal data. Please note that this may affect our ability to provide you with services, your access to this website, your use of some features of this website, and your feedback.

Article 1 Scope of application

The scope of this Privacy Policy is the processing of your personal data, and the scope of this Privacy Policy is the processing of your personal data and is subject to privacy-related regulations in European Economic Area (EEA) Member States and the UK, such as the General Data Protection Regulation (“GDPR”) and the UK GDPR. Only those to which the rules apply.

Article 2 (Definition)

The terms used in this privacy policy are defined as follows.

• "Applicable Privacy Legislation" means applicable privacy legislation, including the European Union's (EU) General Data Protection Regulation ("GDPR") and the relevant national implementing laws.
• “Personal Data” means any information relating to an identified or identifiable natural person that we process in accordance with Section 3 of this Privacy Policy.
• “Privacy Policy” means this Privacy Policy.
• “Processing” means an operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, editing, structuring, storage or modification of personal data; and/or alteration, retrieval, reference, use, disclosure by transmission, distribution or otherwise making available, alignment and/or combination, restriction, erasure and/or destruction).
• “Controller” means the natural or legal person, governmental authority, agency or other person who, alone or jointly with others, determines the purposes and means of the processing of personal data; The administrator under this privacy policy is our company (Gene Co., Ltd.).
• “Website” means https://yugen-gallery.com .

Article 3 (Personal data collected)

1. Our company may collect the following personal data from users of this website.

• Contact information: name, address, company name, department name, job title, telephone, email address, and other similar information, etc.
• Technical details of your access to our website: your IP address, cookies and operating system, browser type (for accessing our website), details of the device you are using (your device serial number, unique identification number, MAC address, etc.), technical and event-based data about the use of your device (data about Internet and Bluetooth combinations and connections, session duration, etc.), etc.
• Other information you provide to us: Comments and other information you provide

2. We do not collect sensitive personal data or criminal personal data except in accordance with applicable privacy laws. Furthermore, it is not intended to obtain personal data (directly) from minors.

Article 4 (Legal basis for data processing)

Our company may process personal data for the following purposes when it is necessary to pursue our legitimate interests and provide appropriate products and services to our customers.

1. If the customer agrees

2. Where it is necessary for our legitimate interests as described below and your data protection rights do not override our interests.

• Providing our products and services to customers
• Ensuring business continuity
• To provide, improve and develop our products, services and advertising;
• Communicate our policies and terms and conditions to you;
• Promoting safety and security
• Using personal data for business management, data analysis, research, auditing, etc.
• To ensure that the content of this website is provided to you in the most effective manner;
• To notify you about changes to our products or services;
• Manage your account
• To fulfill our legal obligations, exercise our legal rights, or protect the rights of third parties;

3. When necessary to fulfill legal obligations

4. Where it is necessary to protect our legitimate interests and legal rights and your data protection rights do not override our interests.

5. To protect our legitimate business interests and legal rights. This includes use in connection with legal compliance, regulation, auditing, legal claims (including disclosure of such information in connection with legal proceedings or litigation) and other ethical and legal compliance reporting requirements. Not limited to these.

Article 5 (Purpose of personal data processing)

1. Our company may process personal information for the following purposes:

• Providing our products and services to customers
• Ensuring business continuity
• To manage services related to our employees and their employment relationships;
• To provide, improve and develop our products, services and advertising;
• Communicate our policies and terms and conditions to you;
• Promoting safety and security
• Using personal information for business management, data analysis, research, auditing, etc.
• To ensure that the content of this website is provided to you in the most effective manner;
• To notify you about changes to our products or services;

2. Our company may also process personal information for the following purposes:

• To fulfill our obligations to our employees, business partners, vendors, and other third parties who provide services to us;
• Fulfilling our legal and regulatory obligations and requirements in all parts of the world, including reporting to and/or being audited by domestic and international regulatory bodies.
• Manage job applications
• Preventing and detecting fraud and crime
• Manage the security of and access to our systems, equipment, platforms, websites and applications;
• To enforce and/or defend our legal rights in response to court orders;
• protect the rights of third parties;
• Other legitimate commercial purposes
• In addition to the above, if permitted or required by applicable laws and regulations.

3. We will process personal data as set out in this Privacy Policy and in accordance with applicable privacy laws.

4. If, at the time we collect your personal data, we intend to further process your personal data for purposes other than those set out above, we will provide you with information regarding those other purposes and any additional relevant information prior to further processing. shall be provided.

Article 6 Who will share your personal data?

We may share your personal data with third parties in the following cases:

1. Terms of data sharing

We will share your personal data with third parties only in the following cases:

• When sharing is necessary for third party service provision or third party engagement. For example, in principle, third parties only have access to personal data that is necessary as part of providing their services.
• If a person who belongs to the third party and has access to the personal data is obligated to maintain the confidentiality of the personal data.
• If that third party is obligated to comply with applicable data protection laws.

2. Who we share your personal data with

Our company may share all or part of the information stipulated in Article 3 above with the following parties (third parties).

• Cooperating companies and sole proprietorships that perform operations on behalf of our company
• Related parties such as airlines, shipping companies, trucking companies, warehouses, auditing companies, consulting companies, law firms, insurance companies, other authorities, marketing agencies, market research agencies, internet hosting providers and payment processors Subcontractors and Service Providers, Our Contract Artists
• Persons that the data processors of our affiliated companies authorize, employ, or engage for the purpose, and who are involved in the processing and who have a need to know (accounting firms, auditing firms, insurance entities) , tax accountant corporation)
• Competent authorities, such as police or authorities of the country of transit or destination (for customs clearance purposes, only if required by the law of each country)
• Other third parties with a need to know

Article 7 (Transmission of personal data to third parties)

We may transfer personal data to entities (including our group companies and contractors) in countries or jurisdictions outside the European Economic Area (EEA), such as Japan. Please note that such countries or jurisdictions do not have the same data protection laws as the EEA and may not recognize many of the rights afforded to data subjects within the EEA. Where we transfer your personal data outside the EEA, we will ensure that your personal data is protected and transferred in a manner consistent with the legal requirements applicable to that personal data. If your personal data is transferred outside the EEA, you can obtain further information about the protection of your personal data by contacting us.

1. Relocation outside the EEA

Some of the third parties to whom we entrust your personal data are based outside the EEA and/or the United Kingdom (“GDPR Third Countries”). Where data is transferred from the EEA/UK to a GDPR third country, the transfer is subject to the GDPR and the UK GDPR and any documents issued by the European Data Protection Board, the European Commission or other competent authorities in this regard. Subject to further recommendations or decisions. If we transfer your data outside the EEA or the United Kingdom, the legitimacy of such transfer is as set out below. Please note that if we collect personal data directly from you, this does not constitute a transfer.

2. Justification of transfers outside the EEA and the UK

Whenever we transfer your personal data to a GDPR third country, we will ensure that it is afforded the same degree of protection by ensuring that at least one of the following safeguards is implemented:

- GDPR The legitimacy of the transfer of your personal data to third countries may be based on so-called EU adequacy decisions. An adequacy decision is, for example, an acknowledgment by the European Commission that a particular country provides the same level of data protection as the GDPR. This applies when transferring your personal data from the EEA to Japan.

- If we transfer personal data to a GDPR third country where an adequacy decision does not apply, we will use the relevant version of the Model Clauses on Data Protection published by the European Commission, the so-called Standard Contractual Clauses (“Transfer SCC”); Execute a UK transfer agreement approved by the ICO. We will take additional measures as deemed necessary under applicable privacy laws. These additional measures may be technical, organizational and/or contractual measures.

Article 8 (Security)

1. We will take appropriate organizational and/or technical security measures to protect personal data and prevent its unauthorized use, loss or alteration. Additionally, we grant access to personal data only to our employees, agents, contractors and other third parties who have a need to know that personal data. They are subject to confidentiality obligations under their employment contract or contract (regarding data processing).

2. When entrusting the handling of customers' personal data, the Company will impose an obligation on the outsourcee to carry out appropriate security management based on the contract, and will conduct necessary and appropriate monitoring of the outsourcer.

Article 9 (Retention period)

1. Our company will not store personal data beyond the scope necessary for the purpose for which it was collected.

2. The data subject of personal data may request the Company to erase his or her personal data at any time. Furthermore, we will erase personal data when it is no longer necessary for the purposes for which it was collected or processed.

Article 10 (Cookies)

1. We use cookies to ensure that this website functions properly.

2. Cookies are information that a browser stores on a website user's computer. We use different types of cookies depending on the purpose.

• Functionality cookies: These cookies are necessary for the website to function properly, including cookies required to create an account.
• Analytical cookies: Cookies used to obtain information about how users use this website (or parts of it). This information allows us to improve the Website so that it is as closely aligned as possible with what you find interesting and important. We use the data obtained from these cookies only for the purpose of analyzing the usage status of this website.

3. Our company uses third-party cookies only for the purpose of improving the quality and effectiveness of this website. For example, we use Google Analytics, which is configured with privacy in mind. Google Analytics processes IP addresses on our behalf.

4. Most browsers enable cookies by default. Users of this website can set their browsers to disable cookies or to notify you when cookies are being sent. However, if you disable cookies, some features or services of our website or other websites may not function properly.

Article 11 (Data Breach)

In the event that a security breach occurs that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data held by the Company, the Company will promptly identify and analyze the incident. We have established a system and policy for this purpose. Depending on the results of our analysis, we will make the necessary notifications to supervisory authorities and notify affected data subjects (which may include you).

Article 12 (Rights of data subjects)

1. Where the processing of personal data is based on consent, the data subject of personal data has the right to withdraw consent with respect to his or her personal data at any time.

2. Data subjects of personal data have the right to request access to their personal data. This enables data subjects to receive a copy of their personal data held by us.

3. Data subjects have the right to request rectification of their personal data held by us. This allows data subjects of personal data to rectify incomplete or inaccurate data that we hold about them.

4. Data subjects of personal data have the right to request erasure of their personal data. This allows us to erase personal data that we have been processing without legitimate reasons.

5. The data subject has the right to object to the processing of personal data carried out by our company for purposes of our legitimate interests. If we are processing personal data for direct marketing purposes, we will always accept objections by the data subject to the personal data. If we are processing personal data for other purposes, we will do so for urgent legitimate reasons (i) which override the interests or rights and freedoms of the data subject, or (ii) to bring legal action. The processing of personal data shall cease, unless the processing is related to the performance of a claim or for the purpose of proving a claim).

6. Data subjects of personal data have the right to request restriction of the processing of their personal data.

7. The data subject has the right to request that personal data be transmitted to him or her or to a third party. The Company shall provide the data subject, or a third party designated by the data subject, with the personal data of the data subject in a structured, commonly used, and machine-readable format. Please note that this right applies only to automatically processed information that the data subject of the personal data initially consented to, or that our company has previously fulfilled a contract with the data subject of the personal data. Please note that

8. The above rights may be exercised free of charge. We will provide information regarding the subsequent situation immediately upon request by the data subject of personal data, and in any case within one month after receiving the request. This period may be extended for a further two months depending on the complexity of the request and the number of requests. We will notify the data subject of the personal data of such extension within one month of receiving the request.

9. If the request by the data subject for personal data is clearly unfounded or excessive, in particular if the same request is made over and over again, we will provide the data subject with reasonable support for the personal data. We will not charge fees or respond to such user's requests.

10. In addition to the above-mentioned rights, the data subject of personal data has the right to comply with the supervisory authority, in particular of the EU Member State in which the data subject of personal data always resides, where he or she works or where an alleged violation of the GDPR has taken place. You have the right to lodge a complaint with a supervisory authority at any time. However, we appreciate that data subjects of personal data have the opportunity to address their concerns before contacting a supervisory authority. In order to resolve the issue, we would appreciate it if you could contact us first.

Article 13 (Contact information)

If you have any questions or complaints, or wish to exercise any of the rights set out in Section 12 of this Privacy Policy, please contact us using the details below.

3F Token International Building, 2-12-19 Shibuya, Shibuya-ku, Tokyo 150-0002

Gene Co., Ltd. TEL 03-6380-6165 (Reception hours: Weekdays 10:00-19:00)

Article 14 (external link)

This website may contain information from third parties (hyperlinks, banners, etc.). We do not control such third party information and are not responsible for compliance with applicable privacy laws on behalf of such third parties. We encourage all website users to carefully read the privacy policy of any third-party website you visit.

Article 15 (General provisions)

1. We reserve the right to periodically revise this Privacy Policy. It is the responsibility of the data subject of personal data to periodically review the applicable provisions.

2. If any provision of this Privacy Policy conflicts with the law, such provision shall be replaced, to the extent permitted by law, with a provision of the same meaning that reflects the original intent of such provision. In this case, the remaining provisions will continue to apply and remain unchanged.