Spider AF
GDPR Policy
Additional Provisions for the Data Subjects in EEA

For individuals residing in the European Economic Area (“EEA”), Spider Labs, Ltd. has adopted the following additional provisions for the processing ('processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction) of personal information and other information provided by individuals residing in EEA based on the General Data Protection Regulation (“GDPR”).These additional provisions shall prevail to the extent it conflicts with any provision in the main body of the Privacy Policy.

1. Processing of the Information

(1) Categories of the information

We collect and retain from individuals residing in EEA the Information including the following categories (collectively the “Information”):

  • Basic information (name, address, phone number, e-mail address, etc.)
  • Additional information (occupation, title, office information (company name, address, telephone number, department name), etc.)
  • Informative matters/Messages (e-mail, website form input, fax, a phone note, letter, the answers to the questionnaires, etc.)
  • Information collected on the internet (IP address, device and OS information, cookies, mobile identifiers such as the ID for Advertising for iOS (IDFA), Google Advertising ID or similar mobile identifiers, interactions within an app, information regarding which advertisements have been seen or clicked on, etc.)

(2) Purposes of use:

We will use the Information for the purposes described in Article 5 of the Privacy Policy.

(3) Acquisition of the Information

We collect the Information from the following sources in conducting business related to our facilities, services and products:

  • Direct acquisition from an individual: by telephone, letter (including email and other electro-magnetic records), business cards, verbally, through the internet, etc.
  • Acquisition from persons with proper authorization to provide information for an individual: an individual applying on behalf of another, a party introduced by as second party, business partners and agents.
  • Acquisition from published material or public sources: internet, newspapers, telephone directories, books and other publications, etc.
  • Acquisition from third parties’ data analytics tools embedded in third party websites and mobile applications

(4) Provision to a third party:

We provide the Information to a person who falls under any of the following items:

  • a business operator whom we entrust with handling of the Information;
  • a Joint User among which we jointly use personal Information; and
  • information providing destination specified by laws and regulations, etc., in case of provision of the Information under laws and regulations, etc.

(5) Retention Period

We retain the information for the period necessary to accomplish its purpose of processing. Following the retention period, we eliminate or anonymize such Information in a secure way within a reasonable period of time.

2. Legal Basis

We process the Information based on your consent in principle. The processing of the Information in the absence of your consent shall be based on

(i) the necessity for the performance of the contract with you,

(ii) the necessity to take steps at the request of you prior to entering into a contract,

(iii) the necessity for the purposes of the legitimate interests pursued by us or a third party, or

(iv) the necessity for compliance with a legal obligation to which we are subject.

The legitimate interests pursued by us or a third party include

(i) an increase in operating income from marketing and improvement of services, and

(ii) improvement of the convenience, security, etc., of our website and services.

3. Transfer of the Information to a Third Country located outside of EEA

We store the Information in Japan. In addition, we may transfer the Information to business partners of us located in countries outside of EEA.

We may transfer the Information to third parties located in countries outside of the EEA, where the Information may not receive the adequate protection, as they do not have legal frameworks for the protection of Information equivalent to that of the EU.

By agreeing the any form of documents which refers to the Privacy Policy including these additional provisions, you shall be deemed to have consented to (a) the processing of Information by us in accordance with the Privacy Policy including these additional provisions, (b) the storage and processing of Information in any country where the Company or its affiliates may use facilities (including cloud storage and cloud computing operated by third parties) or in which we engage service providers.

4. Data Subject’s Rights

You have the following rights with respect to us based on laws and regulations and you may exercise these rights by contacting our DPO. In the event that you exercise these rights, we will respond in good faith, barring statutory exceptions, after confirming that the requesting person is the person in question.

The right of access: The right to obtain confirmation as to whether or not the Information concerning you is being processed, and where that is the case, (the right to) access to the Information and the accompanying information.

The right to rectification: The right to obtain the rectification of inaccurate Information concerning you.

The right to erasure: The right to obtain the erasure of personal information concerning you in certain cases.

The right to restriction of the processing: The right to obtain restriction of the processing in certain cases.

The right to object to the processing: The right to object the processing of Information based on the purposes of the legitimate interests pursued by us or third parties.

The right to data portability: The right to receive the Information concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us.

5. Withdrawal of Consent

You can withdraw consent on the processing of information at any time. Withdrawing consent does not affect the lawfulness of the processing based on consent before the withdrawal. You can withdraw consent by contacting our DPO.

6. Lodging a Complaint with an Authority

You have the right to lodge a complaint on the processing of Information with the protection authority having jurisdiction over your residence.

7. Automated Individual Decision-Making, including profiling

We do not make decisions based solely on automated processing, including profiling.

8. Security and confidentiality measures

We handle the Information with appropriate security and confidentiality measures.

9. Data Protection Officer(DPO)and EU Representative and these contacts

(1) DPO

Data Protection Officer
Minamiaoyama ST Bldg. 4F, 7-10-3 Minamiaoyama, Minato City, Tokyo 107-0062
Spider Labs, Ltd.
Email: dpo@spideraf.com

(2) EU Representative

Eurico Doirado
Spider Labs Office, R. Braamcamp 84, 3º DTO, 1600-892 Lisboa, Portugal
Email: dpo@spideraf.com