Transom Privacy Policy
This Privacy Policy covers our collection and use of private data via our programs, services and systems. Users of our site and Participants in our Programs, Services and Projects are required to consent to this policy before their participation, to enable us to provide our Programs, Services and Systems.
Transom Privacy Policy
1. About Us
Transom and its subsidiaries ("Transom," "we," "us") are committed to privacy and to transparency in our information practices. In this privacy notice, we describe our collection, use, disclosure and processing of personal information that we collect online via our website and by email, as well in connection with our products and services. The sale and provision of such Services are also governed by our Standard Terms and Conditions and any other Master Service Agreement (MSA), Engagement Order (EO) or other Agreement in place between Transom and our clients. We are data controllers with respect to personal information about you that we receive from you and/or from our clients. We may also act as a data processor of your personal information in certain circumstances, in which case we will process personal information only under the instructions of our clients. This privacy notice describes our practices when we are acting as a data controller.
Please be sure to review the Additional Information for Residents in Certain Jurisdictions section below for important information about the categories of personal information we collect and disclose and your rights under specific privacy laws that may apply to you.
2. Scope
This privacy notice describes, generally, how Transom, in its capacity as a 'controller' or a 'business' under applicable laws, handles and processes personal information related to:
- The use of our website and associated services that link to this privacy notice, including our Public Website https://transom.jp, our LMS platform https://lms.transom.jp, and other websites and online services controlled by Transom (collectively, the "Website");
- Clients that purchase psychometric assessments (whether our assessments or those contracted with us and provided by third party Assessment providers – collectively, “our Assessments” or "Assessments"), Consulting, Development and/or reporting services (collectively with Assessments, the "Services") (or the key contacts that work for our clients) ("Clients");
- Individuals that participate ("Participate") in any of our Assessments, Projects or Programs at the request of a Client ("Participants"); and
- Any individual about whom we process personal information in the course of providing our Services ("you" or the "data subject").
Our collection, use, disclosure and processing of personal information about individuals will vary depending upon the circumstances. This privacy notice is intended to describe our overall privacy and data protection practices when we are acting as a data "controller" or "business".
Personal information. In this privacy notice, our use of the
term "personal information" includes other similar terms under
applicable privacy laws such as "personal data" and "personally
identifiable information". In general, personal information includes any
information that identifies, relates to, describes, or is reasonably capable of
being associated, linked or linkable with a particular individual.
3. Controller and Responsible Entity
The controller of your personal information collected pursuant to this privacy notice is Transom, a Japanese corporation with its registered head office at Toranomon KT Bldg 2F, 5-11-15 Toranomon, Minato-ku, Tokyo 105-0001.
4. International Data Transfers
Due to the international nature of our Consulting, Assessment and Development services, we may from time to time appoint third parties to process data containing information about you on our behalf as a data processor, or store such information in, or transfer it to persons located in, countries outside of the European Economic Area ("EEA") or Japan. These countries may not have data protection laws equivalent to those which are in force in the EEA and Japan to protect your information. Where we transfer your information to such third-party data processors and/or third parties outside of the EEA and Japan and/or process your information outside the EEA and Japan, we shall ensure that they provide sufficient guarantees in respect of the technical and organizational security measures, and take reasonable steps to ensure their compliance with those measures in order to ensure your information is adequately protected in accordance with applicable data protection laws. For more information on the appropriate safeguards in place, please contact us using the details below.
5. Personal Information We Collect and Process
We collect information you provide us via the Website and/or in connection with our Services, such as when you register or complete an Assessment, by corresponding with us by phone, email or otherwise, by participating in our Projects, Programs or other Services, or through our online client portal and LMS platform ("Transom LMS").
5.1. Sources of Personal Information We Collect
You may provide personal information to us when you register to use our Website, participate in a Project or Program or in an online or in-person meeting with any of our principals, staff or affiliates, begin or complete an Assessment, subscribe to our information services, place an order on our Website, post in discussion boards, enter a competition, promotion or survey, or otherwise interact or communicate with us via our Website and/or in connection with our Services. The actual personal information we collect and process about you will vary depending upon the circumstances. In general, we may collect personal information directly from you, automatically related to your use of our Website and other Services and from third parties, as described below.
5.1.1. Information We Collect Through Our Website
The personal information we collect through our Website may include your name, occupation, company for which you work, business address, home address, email address and phone number, financial and credit card information, and biographical information. If you engage in a Project or Program using Transom LMS, including uploading of files, posting of any text, documents or assignments, or if you contact us or engage in email, chat, online or personal conversation (collectively, “Correspondence”, we may also keep a record of that Correspondence. The kind of personal information included may vary based on the information you include in your Correspondence.
When you use our Website, we also automatically collect the following information through the use of cookies and similar technologies:
- technical information, including your login information, browser type and version, time-zone setting, browser plug-in types and versions, operating system and platform;
- traffic data, location data, weblogs and other communication data and data required for our own billing and administration purposes;
- usage data, such as the source address that the page request is coming from, including your Internet protocol address (IP address), domain name, date and time of the page request, the referring website (if any) and other parameters in the URL (e.g. search criteria); and
- information about your visit, including: the full Uniform Resource Locators (URL) clickstream to, through and from our Website (including date and time); pages you viewed or searched for; page response times; download errors; length of visits to certain pages; page interaction information (such as scrolling, clicks, and mouse-overs); methods used to browse away from the page; and any phone number used to call our customer service number.
See below regarding "Cookies and Tracking" and our Public Website Cookie Policy for more information on our use of cookies and similar technologies.
5.1.2. Information We Collect Related to Participants, Programs, Projects and Assessments
From Clients. Clients may provide personal information about Participants. This information may include the Participant's name, email address and other contact details, as well as other personal information such as HR records. Participants may also provide this information directly to us.
From Participants. Participants may take part in Assessments, Programs or other Services through our Website, via Third-party Assessment Providers and their systems, or in a handwritten format, and they may provide personal information to us via surveys or other collection methods. We may also collect information through recording or observation.
When Participating in a Program or Assessment or otherwise using our Services, we will ask the Participant to provide information and responses, such as the following personal information:
- "Identification Data" which means information such as your name, image, video, email address and other contact details.
You must provide Identification Data as this is required in order for us to administer the Program or Assessment, provide the results to the Client who requested that the Assessment is made available to you for completion, and for the purposes set out in the section entitled "For what purposes do we process information about you?"
- "Assessment Data" which means your responses to Assessments; this
may include or allow us to infer information such as:
- motives
- talents
- aptitudes
- competencies
- interests; and
- behavior in the workplace and outside the workplace.
Most responses are mandatory within the Assessments, but we will indicate to you if a response is optional. If you do not provide a response to certain questions within the Assessment, you may not be able to proceed to the next section or it may affect your Assessment score.
- "Research Data" which means responses to questions about you, and
our recordings and observations of you, and which will include information
such as:
- your gender;
- your age;
- your cultural background;
- your qualifications;
- your work experience; and
- details regarding your employment, responsibilities and work.
You do not need to provide Research Data to us. Your provision of this information is entirely voluntary (see below).
5.2. Special Categories of Personal Data
Research Data may include personal information that reveals information about you such as your racial or ethnic origin which is considered "special categories of personal information" or “special care-required personal information” under EEA, Japan and other data protection laws ("Sensitive Data"). This Research Data does not form part of any standard Assessments and is only used for our research purposes, including to monitor our tests and questionnaires for fairness and to maintain high standards for our Assessments and Programs.
Where required by applicable laws, if we directly request your Sensitive Data, we will ask for your explicit consent prior to collecting and processing such data. You do not have to provide Sensitive Data to us (other than images or videos, see below); however, we should be grateful if you would complete all the questions in assessments or meetings as this will help us to monitor our tests and questionnaires for fairness and maintain high standards for our Assessments and Programs. Your ability to complete an Assessment will not be affected by your choice not to provide Sensitive Data, nor will this choice affect your Assessment results. In complex programs that include Assessments as well as observations, assignments, Correspondence and other means of interaction, our ability to consult or otherwise provide effective Services, and your ability to achieve results for example in personal or professional development, may be impacted by your choices on what Sensitive Data to provide or not, depending on the nature of the Program and the Data.
We may ask you to enable your camera to capture images or videos of you for identification purposes for some of our assessments or when we conduct assessments for some clients. These images or videos may be provided to clients requesting that you complete the assessment. In the event we request that you enable your camera during your participation in an assessment, this will be required for you to proceed. We may ask you to enable your camera in online programs to provide a safe and positive social environment in interaction with other Participants or staff, and/or to record sessions and exercises. In the event that we request that you enable your camera during your participation in any program, this will be required for you to be able to participate and continue in the Program.
From time to time, Participants may volunteer additional personal information about themselves to us, which may include Sensitive Data. For example, Participants may inform us about a health issue or disability which may impact the way in which they undertake the Assessment.
6. Purposes of Use and Processing
We are committed to keeping your personal information confidential and secure. The way in which we use your personal information will depend upon whether you are a Client or a Participant.
6.1. Personal Information About Clients When Using Our Website or Ordering Services
We will use personal information about Clients in the course of providing Services for the following purposes:
- to fulfil our obligations arising from any contracts entered into between you and us, and to provide you with the information, products and Services that you request from us and billing you for the products and services provided;
- to provide you with information about further Assessments, reports and Services we offer that are similar to those that you have already purchased or enquired about;
- to notify you about changes to our service;
- to ensure that content from our Website is presented in the most effective manner for you and for your computer.
Personal information provided by you in relation to each of your visits to our Website will be used:
- to administer our Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to better understand Website usage, including which areas of our Website users prefer;
- to improve our Website, to ensure that content is presented in the most effective manner for you and for your computer, and to develop new products and Services; and
- as part of our efforts to keep our Website safe and secure.
6.2. Personal Information About Participants in Programs, Projects and Assessments
We process personal information about Participants in Assessments for the purpose of providing Services to our Clients. This may include processing this data in order to:
- identify your Assessment and responses;
- assess your aptitudes and preferred working styles;
- produce Assessment reports for our Client who has made this Assessment available to you;
- help identify you as the person participating in an Assessment.
- Consulting, training, coaching, development for Participants and for Client organizations.
We may also process such personal information for research purposes. We research responses to our Assessments in the light of areas such as gender, age and cultural background over the longer term; this is considered best practice and allows us to monitor our Assessments for fairness in use, and to monitor and manage the overall quality of our Programs and Projects. We also conduct research in the areas of psychometric and other personality assessments, adult development, organizational dynamics, organization studies, management and leadership. We use this research for Product and Program development and management, quality monitoring, and we use anonymized data for the above purposes as well as academic research and publications.
We may also process your personal information for the purposes of using and refining Assessment tools, Services and Programs, analysis, accounting, billing and audit, security, administration, enforcing and defending legal rights, systems testing, maintenance and product development, customer relations, performing our obligations to Participants and Clients whether under contract or otherwise, and to help us in future dealings with you.
The Assessment reports and Services we provide to our Clients may be used by them for purposes which may include the selection and development of individuals in an employment or human resources context.
We may also provide a copy of the Assessment Data to our Clients for use by them for their own internal human resource management purposes.
Clients are entitled to use the personal information that we provide to them as part of our Services for their own purposes; however, such Clients are obliged to process such personal information in accordance with their own obligations under applicable data protection laws. You will have rights with respect to the manner in which our Clients process such personal information provided by us to them.
7. Profiling
Our Assessments are conducted, in part, on the basis of profiling, which means that we may process your personal information using software that is able to process your responses to questions and provide estimates of different attributes including your personality, preferred behavior, motivations, talents and abilities.
If you are a Participant, you should note that it is our Clients that make decisions on the basis of our Assessments. If you have any questions about how Assessment results will be used in their decision-making process, you should ask the Client (i.e. your employer or potential employer) for further information.
If you are a Client, it is your responsibility to ensure that your decision-making process, including how you interpret the Assessment results, complies with applicable laws.
8. Legal Bases for Processing Your Personal Information
Under EEA, Japan and similar data protection laws, we must have a legal basis to process your personal information. In most cases, the legal basis will be one of the following:
- to comply with our legal obligations;
- with your consent: for example, when we process any Sensitive Data about you. You have the right to withdraw your consent at any time by contacting us using the contact details below; and
- to meet our legitimate interests; for example, to fulfil our contractual obligations to Clients; for example, to conduct the Assessment, to deliver Assessment results, Programs and other Services, and to ensure that invoices are paid correctly; to provide and secure the Services, to conduct analysis that helps us to improve our Services, to ensure that any complaints or concerns can be promptly dealt with, to detect and prevent fraud, misuse and unauthorized access, to correspond with you, notify you of events or changes to our service, or otherwise respond to your queries and requests for information, which may include marketing to you; for data analysis, audits, fraud monitoring and prevention, and developing new products, enhancing, improving or modifying our Website, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities; to protect and defend our legal rights and interests and those of third parties; and to ensure our records are kept up to date and accurate; and to perform our contracts to Clients (e.g., to conduct the Programs, Services or Assessments, to deliver Assessment results or Consulting reports and to ensure payment of invoices).
9. Marketing
We do not send marketing communications to Participants who are only registered as Participants; however, we may contact you if you have provided us with your contact details and are a Client or prospective Client of our Services.
For users who are not only registered as a Participant, we may use cookies for advertising purposes as described in our Public Website Cookie Policy.
If you do not wish to receive any marketing communications that we may send to you from time to time, please let us know by emailing us at unsubscribe@Transom.jp..
10. Disclosure of Personal Information
We may disclose your personal information for the following reasons.
Information about Participants will be disclosed to our Clients in the context of the provision of Services to them in connection with the Projects, Programs and/or Assessment(s) undertaken. Individual responses may be disclosed to Clients, and an overall Assessment report will be provided to Clients, containing an overall Assessment score and additional comments about a Participant's performance.
To facilitate the Assessment process, information about you may also be passed to external suppliers from time to time and their respective suppliers, which may include:
- third-party assessment providers and their data sub-processors;
- providers of systems to facilitate the service such as email services and enquiry response services;
- providers of cloud-based services;
- web-based accounting systems;
- professional advisors and auditors;
- third parties involved with programs or events that you register for, to facilitate your participation in those programs or events, and to contribute to or produce such programs or events; and
- disclosure of your personal information under applicable law or regulation, which may include laws outside your country of residence.
Where we use external service providers, we request those providers to implement and apply appropriate security safeguards to ensure the privacy and security of your personal information. These third parties have agreed to confidentiality restrictions and to use any personal information we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us.
Finally, we also may disclose your personal information to third parties:
- In the event that we sell any part of our business or assets of our business, in which case we may disclose your personal data to the prospective buyer of the business or assets. We may also disclose your personal data to a vendor of another business or assets that we are acquiring or to a joint venture or merger partner.
- If our assets are acquired by a third party, personal information held about our Clients and Participants will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Public Website Terms and Conditions or our applicable Terms of use and Waiver and other agreements; or to protect our rights, property, or safety or those of our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Aggregate and Anonymized Information. We may share aggregate or anonymized information (i.e., that which does not identify and is not linked or linkable to a particular individual), with third parties for research, marketing, analytics and other purposes.
11. Third-party Contact Details
As part of our Assessment process, we may request or you may volunteer contact details of a third party; for example, someone who can answer questions about your work in order to generate a 360 feedback report or to conduct in-person or online interviews with someone who can answer questions about your work. You should inform such third party that you intend to disclose this information and obtain their prior consent to giving us their contact details.
If we have contacted you as a result of your details being disclosed to us by a Participant in our Assessment process, we will use that information and any subsequent information you may submit to us in accordance with this Privacy Policy.
12. Cookies and Tracking
Our Website may use first party and third-party cookies, pixel tags, plugins and other tools to gather device, usage and browsing information when users visit our Website or use our online services. For instance, when you visit our Website, our server may record your IP address (and associated location information) and other information such as the type of your internet browser, your Media Access Control (MAC) address, computer type, screen resolution, operating system name and version, device manufacturer and model, language, and the pages you view and links you click on our Website, as well as date and time stamps associated with your activities on our Website. For more information, see our Public Website Cookie Policy.
We use the information for security purposes, to facilitate navigation, to personalize and improve your experience while using the Website, to improve and measure our advertising campaigns, to better reach users with relevant advertising both on our Website and on third party websites, and to report aggregate information to our advisors. We also gather statistical information about use of the Website in order to continually improve their design and functionality, understand how they are used and assist us with resolving questions regarding them. You can manage your preferences regarding cookies set by this Website (other than those portions of our Websites in which you complete an Assessment or participate in a Program, such as our LMS), using our cookie preference manager. If you have reached this Privacy Notice from a website other than our Website, please go back and use the cookie preference manager on that website to set your cookie preferences for that website.
Cookies. Cookies are small text files that a website transfers to your computer or other device to store and sometimes collect information about your usage of our Website, such as time spent on the Website, pages visited, language preferences, and other anonymous traffic data. You can control the way in which cookies are used by altering your browser settings. You may refuse to accept cookies by activating the setting on your browser that allows you to reject cookies. However, if you select such a setting, this may affect the functioning of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you access or log on to our Website. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org. For more information about the use of cookies on our Website and your choices regarding the placement of cookies, please see our Public Website Cookie Policy.
Pixel tags and other similar technologies. Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some websites to, among other things, track the actions of users of the website (including email recipients), measure the success of our marketing campaigns and compile statistics about usage of the website and response rates. We and our service providers may also use pixel tags in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Log files. Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version and internet browser type and version. This information is gathered automatically and stored in log files.
Third Party Analytics Tools. Our Website may use automated devices and applications operated by third parties (e.g., Google Analytics), which use cookies and similar technologies to collect and analyze information about use of the Website and report on activities and trends.
Do-Not-Track signals. Please note that our Website does not recognize or respond to any signal which your browser might transmit through the so-called 'Do Not Track' feature your browser might have. If you wish to disable cookies on our Website, you should not rely on any 'Do Not Track' feature your browser might have.
13. Interest-based Advertising
On our Websites we may work with third-party ad networks, analytics companies, measurement services and others ("third-party ad companies") to display advertising on our Website and to manage our advertising on third-party websites, mobile apps and online services. We and these third-party ad companies may use cookies, pixels tags and other tools to collect information on our Website (and on third-party websites and services), such as browsing history, IP address, device ID, cookie and advertising IDs, and other identifiers, general location information and, with your consent, your device's geolocation information; we and these third-party ad companies use this information to provide you more relevant ads and content and to evaluate the success of such ads and content.
You can manage how your preferences regarding third party ad company cookies set by this Website, using our cookie preference manager.
You may also obtain more information about targeted or "interest-based advertising" and opt-out of many ad networks at the industry websites below:
- Canada: www.youradchoices.ca
- EU: www.youronlinechoices.eu
- Japan Data Driven Advertising Initiative (DDAI)
- U.S.: www.aboutads.info
14. How Do We Protect Information About You?
We have taken certain physical, electronic, contractual and managerial steps to safeguard and secure the personal information we collect. Despite this, the security of the transmission of information via the Internet cannot always be guaranteed and you acknowledge this in your access and use of our Website. Please note that it is your responsibility to maintain the confidentiality of your password associated with this Website, if any.
15. Retention of Personal Information
We retain Participants' personal information (including test results) for a period of 24 months, after which time we may anonymize the data and use it for research purposes, unless a different retention period applies pursuant to a contract with a Client. We will also anonymize data at the request of the Client or the Participant. If the Participant requests their data to be anonymized, we will first inform the Client who requested the Assessment be made available to the Participant.
We retain Clients' personal information for as long as we maintain a relationship with Clients, and then for a reasonable period of time that allows us to assist with any queries, requests or complaints regarding the Assessments and/or the Services, unless a longer retention period is required or permitted by law or defined in an agreement.
We may also retain personal information longer where necessary to commence or defend legal claims, and to comply with our regulatory obligations (including record retention obligations).
16. Your Rights and Choices
Marketing. You may opt out from receiving marketing-related communications from us by emailing us at unsubscribe@transom.jp. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt out.
Access, amendment and deletion. You may request to review, make amendments, have deleted or otherwise exercise your rights, under applicable privacy laws, over your personal information that we hold, subject to certain limitations under applicable law. You may submit a request to us related to your personal information by using the data request function on the Transom LMS or by emailing us at data.requests@transom.jp. You will not have the right to make changes to the Assessment Data or other reports, however, as this would undermine the accuracy and value of the Assessment reports or other reports. In your request, please make clear what personal information you would like to have changed, whether you would like to have your personal information suppressed from our database or otherwise let us know what limitations you would like to put on our use of your personal information. We may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.
To exercise your rights, please contact us using the contact information below. We may not always be able to fully address your request; for example, if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Additional information for certain jurisdictions. Transom is committed to respecting the privacy rights of individuals under all privacy laws applicable to us. Some privacy laws require that we provide specific information about individual rights to applicable consumers, which we have set forth in the Additional Information for Residents in Certain Jurisdictions section below.
17. Changes to Our Privacy Policy
We may update this Privacy Policy from time to time. The updated Privacy Policy will be published on our Website and, where appropriate, notified to you by email. You should refer to the Privacy Policy from time to time in order to keep yourself up to date regarding the way we process your personal information.
18. Contact Information
If you wish to contact us, please send an email to data.requests@transom.jp or write to us at our email address(es) known to you from Programs or Projects in which you participate.
Additional Information for
Residents in Certain Jurisdictions
European Union / European
Economic Area (EEA)
Applicable only to Individuals based in the EEA.
The EEA section of this Policy applies if you are an individual based in the EEA regardless of nationality or your employer or authorized representative is providing your personal data to us from a country in the EEA, and the GDPR is applicable to Transom in providing the Transom Services in question.
Legal grounds for processing personal information
We process personal data for the purposes set out in this Policy, as described above. For the purposes of complying with the GDPR, we do not need to collect your consent in order to process your personal data (except in limited circumstances where we process your special categories of personal data, where we may sometimes require your consent, in which case we will obtain your consent). Instead, we rely on one or more of the following processing conditions:
These are the principal legal grounds that justify our processing of your information:
Contract performance: where your information is necessary to enter into or perform our contract with you.
Legal and regulatory obligation: where we need to use your information to comply with our legal and regulatory obligations.
Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.
Employment legal obligations and rights: where our legal duties as employers necessitate the processing.
Consent: where you have consented to our use of your information.
We justify our use of personal data in the manner set out in this Policy above as follows:
(a)
To provide you with our products/services:
Use justification: contract performance, legitimate interests (to enable us to
provide our products/services).
(b)
For communication with you:
Use justification: legitimate interests (to enable us to effectively
communicate with you).
(c)
For managing our business:
Use justification: legitimate interests including:
§ to enable us to provide ongoing information about our products and services;
§ to monitor satisfaction and views of our clients, customers and business partners etc. and help us grow our business;
§
to ensure the smooth operation of our internal
management and IT infrastructure processes;
Use justification: legal and regulatory obligations and legal claims (to enable
us to cooperate with law enforcement and regulatory authorities).
(d)
Others: For compliance with laws and other legal
obligations and policies
Use justification: legal and regulatory obligations, legitimate interests (to
enable us to achieve a consistent approach to compliance across our business).
Additional Information for
Residents in Certain Jurisdictions
European Union / European
Economic Area (EEA) / Dubai International Financial Centre
Residents of:
- the European Union (EU) and the European Economic Area (EEA) have the following rights, under the GDPR; and
- the Dubai International Finance Centre, have the following rights under Data Protection Law No. 5 of 2020
regarding their personal information:
- Right of access: You have the right to obtain from us confirmation as to whether or not personal information concerning you is being processed, and where that is the case, to request access to the personal information. The accessed information includes – among others - the purposes of the processing, the categories of personal information concerned, and the recipients or categories of recipient to whom the personal information have been or will be disclosed. You have the right to obtain a copy of the personal information undergoing processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs.
- Right to rectify and complete personal information: you can request the rectification of inaccurate data and the completion of incomplete data. We will inform relevant third parties to whom we have transferred your data about the rectification and completion if we are legally obliged to do so.
- Right to erasure (right to be
forgotten): You have the right to obtain from us the erasure of personal
information concerning you in limited circumstances where:
- it is no longer needed for the purposes for which it was collected; or
- you have withdrawn your consent (where the data processing was based on consent); or
- following a successful right to object; or
- it has been processed unlawfully; or
- the data must be erased in order to comply with a legal obligation to which Transom is subject.
We are not required to comply with your request to erase personal information if the processing of your personal information is necessary for:
-
- compliance with a legal obligation; or
- the establishment, exercise or defense of legal claims.
- Right to restriction of
processing: You have the right to obtain from us restriction of processing
your personal information. In this case, the respective data will be
marked and only be processed by us for certain purposes. This right can
only be exercised where:
- the accuracy of your personal information is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want the personal information erased; or
- it is no longer needed for the purposes for which it was collected, but you still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal information following a request for restriction, where:
-
- we have your consent; or
- to establish, exercise or defend legal claims; or
- to protect the rights of another natural or legal person.
- Right to data portability: You have the right to receive the personal information concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another entity without hindrance from us, but in each case only where the processing is (a) based on your consent or on the performance of a contract with you, and (b) also carried out by automated means.
- Right to object: You have the right to object at any time to any processing of your personal information which has our legitimate interests as its legal basis. You may exercise this right without incurring any costs. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. The right to object does not exist, in particular, if the processing of your personal information is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
- Right to object to our use of your personal information for direct marketing purposes: You can request that we change the manner in which we contact you for marketing purposes. You can request that we do not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.
- Right to withdraw consent: if you have given us your consent for the processing of your personal information, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- Right to obtain a copy of safeguards: you can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside the EU/EEA. We may redact data transfer agreements to protect commercial terms.
- Right to lodge a complaint with
your local supervisory authority: You have a right to lodge a complaint
with your local supervisory authority if you have concerns about how we
are processing your personal information. For example:
- EU Data Protection Authorities in each EU member state: please see the European Data Protection Board’s website listing at https://edpb.europa.eu/about-edpb/about-edpb/members_en
- Information Commissioner's Office, at www.ico.org.uk/concerns/.
- Office of the Data Protection Commissioner in the Dubai International Financial Centre, at: https://www.difc.ae/business/operating/data-protection/.
We ask that you please attempt to resolve any issue with us first, although you have a right to contact your supervisory authority at any time.
Additional Information for
Residents in Certain Jurisdictions
Brazil
The following information applies to personal data which we process from any individuals resident in Brazil under the National Data Protection Law (LGPD):
- Scope: In addition to the circumstances set forth in the section above regarding Scope, the LGPD applies when we process personal data about a subject to protect their fundamental rights of freedom, privacy and the free development of the personality of individuals.
- Sensitive Personal Data under the LGPD: Sensitive personal data under the LGPD includes personal data (as defined above in the Scope section of this Notice) about racial or ethnic origin, religious belief, political opinion, union membership or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to a natural person. Please see the section above regarding The personal information we collect and process for more information on how we treat sensitive personal data.
- Individual rights: Under the LGPD, individuals have certain rights related to their personal data, subject to other limitations in this law, as follows:
- Confirmation of the existence of data processing;
- Access to your personal data;
- Correction of incomplete, inaccurate, or out-of-date data;
- Anonymization, blocking, or deletion of unnecessary or excessive data, or data processed in non-compliance with LGPD;
- Portability of data to another service or product provider, subject to the LGPD;
- Deletion of personal data, to the extent permitted by the LGPD;
- Information about the entities with whom we have shared personal data;
- Information about the possibility of denying consent and consequences of such denial;
- Revocation of consent.
Additional Information for
Residents in Certain Jurisdictions
California Residents
In this section, we provide information for California residents, as required under California privacy laws, including the CCPA, which requires that we provide California residents certain specific information about how we handle their personal information, whether collected online or offline. This section does not address or apply to our handling of
- publicly available information made lawfully available by state or federal governments;
- personal information that is subject to an exemption under Section 1798.145(c) - (f) of the CCPA (such as information that is subject to HIPAA, the California Medical Information Act, the Gramm-Leach Bliley Act or the California Financial Information Privacy Act); or
- personal information that we may share with government entities, including law enforcement, in circumstances that include: (1) when required to do so as a matter of law; (2) to assist in the investigation of a potential crime impacting us, our employees, our clients, or the communities we serve; or (3) when required in response to legal process (e.g., subpoena, warrant)
Limitation of CCPA applicability for Transom and its business: Please note that Transom does not currently meet any of the thresholds defined in the CCPA obliging us to comply with CCPA stipulations. While we strive to provide all Clients and Participants with privacy protections according to the regulations of their resident jurisdictions, and we maintain the high standards of Japan’s APPI and the EU/EEA’s GDPR, to keep our business practical, we reserve all rights to the extent possible to rely on any exclusion of obligations. This includes any items described in the section for California residents as obligations under CCPA. Additionally, Transom does not have any offices, agents or other permanent establishment in the USA. If you are a US resident or accessing us from the USA, you should be aware that you are accessing an offshore Website, and that any online Programs or online meetings you participate in are offshore Programs or meetings. Please note that to the extend permissible, only Japanese law applies to this policy and jurisdiction is limited to the courts of Japan. This may limit or restrict the applicability and/or enforceability of any of the clauses in this section for California residents.
Purposes for Using Personal Information: While the purposes for which we may process personal information concerning Clients and Participants will vary depending upon the circumstances, in general we use personal information for the purposes set forth below.
- Providing support and services: including to provide our Services, operate our Website, applications and online services; to communicate with you about your access to and use of our Services; to respond to your inquiries; to provide troubleshooting, process your payments and provide technical support; and for other customer service and support purposes.
- Analyzing and improving our business: including to better understand how users access and use our Services and Website; to evaluate and improve our Website, Services and business operations, and to develop new features, offerings and services; to conduct surveys and other evaluations (such as customer satisfaction surveys); to develop and select employees, and for other research and analytical purposes (such as identify your Assessment and responses, assess your aptitudes and preferred working styles, produce Assessment and other Consulting reports for our Client, help identify you as the person participating in a Project, Program or Assessment).
- Personalizing content and experiences: including tailoring content we send or display on our Website and other Services, and to otherwise personalize your experiences.
- Advertising, marketing and promotional purposes: including reaching you with more relevant ads; to evaluate, measure and improve the effectiveness of our promotional campaigns; and to administer promotions. Note: we do not send marketing communications to those only registered as Participants; but we may contact them if we have their contact details, and they are a Client or prospective Client of our Services.
- Securing and protecting our business: including to protect and secure our business operations, assets, Services, network and information and technology resources; to investigate, prevent, detect and take action regarding fraud, unauthorized access, situations involving potential threats to the rights or safety of any person or third party, or other unauthorized activities or misconduct.
- Defending our legal rights: including to manage and respond to actual and potential legal disputes and claims, and to otherwise establish, exercise, defend our rights or interests.
- Auditing, reporting, corporate governance, and internal operations: including using and refining our Programs, Projects, Assessment tools, analysis, accounting, billing and audit, security; general operational administration including testing, maintenance, product development, customer relations, employment or human resources; performing our obligations to Participants and Clients whether under contract or otherwise; and to help us in future dealings with you.
- Complying with legal obligations: including to comply with the law, our legal obligations, or our legal processes.
Categories of personal information that we collect and disclose. In general, we collect and disclose for a business purpose the following categories of personal information (as defined by the CCPA):
- Identifiers: identifiers such as a real name, alias, address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, or other similar identifiers.
- Customer records: paper and electronic customer records containing personal information, such as name, signature, physical characteristics or description, address, telephone number, education, current employment, bank account number, credit card number, debit card number, or any other financial or payment information, or medical information.
- Protected classifications: characteristics of protected classifications under California or federal law such as race, colour, sex, age, national origin, disability, and citizenship status.
- Commercial information: including records of products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.
- Internet or other electronic network activity information: including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet website, application, or advertisement.
- Audio, video and other electronic data: visual information such as photographs, video and audio recordings.
- Employment history: professional or employment-related information.
- Education information: education information and records.
- Profiles and Inferences: Inferences drawn from any of the information identified above to create a profile reflecting a resident's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.
We do not process personal data belonging to individuals who we know are younger than 16 years old.
We may share aggregated or anonymized information (i.e., that which does not identify and is not linked or linkable to a particular individual), with third parties for research, marketing, analytics and other purposes. When we de-identify personal information, we have implemented reasonable measures as required by law to ensure that the de-identified data cannot be associated with any individual or client. We will only maintain and use such data in a de-identified manner and do not attempt to re-identify the data, except as permitted by law.
Categories of Sources of Personal Information. We may collect personal information directly from you, automatically related to your use of our Website and Services, and from third parties as described below. The actual personal information we collect and process about you will vary depending upon the circumstances. The sources for the personal information we may collect include:
- from you, either directly (i.e., through information you submit to us, including via forms that you may complete and submit through our Website) or indirectly (i.e., by observing your actions in our Projects or Programs or on our Website)
- from our Clients in connection with us providing professional services to them
- from our service providers (i.e., companies who are assisting us in fulfilling our contracts and carrying out our business, such as to perform mailings or to provide customer assistance)
- from the content of information you provide when you enter a competition, promotion or survey
- from "cookies" and other similar tools deployed on parts of our Website
- other sources, such as public databases, joint marketing partners, social media platforms (including from people with whom you are friends or otherwise connected with on social media), and from other third parties
Categories of Third Parties to Whom We Have Disclosed Personal Information
In the past twelve months, we have disclosed certain categories of personal information to the following categories of third parties:
- our business clients;
- advertising networks;
- internet service providers;
- data analytics providers; and
- service providers (i.e., companies who are assisting us in fulfilling our contracts and carrying out our business).
- Sub-processors as listed on our Website at https://transom.jp/transom-data-processing-partners/.
Information Concerning the Sharing or Selling of Personal Information. While we do not disclose personal information to third parties in exchange for monetary compensation from such third parties, we do disclose or make available personal information we may have collected, through the use of targeting cookies, to third parties in order to receive certain services or benefits from them, such as when we allow third party tags to collect information such as browsing history on our Website, in order to improve and measure our ad campaigns, to facilitate navigation, to personalize and improve your experience while using the Website to better reach users with relevant advertising both on our Website and on third party websites, and to report aggregate information to our advisors.
The CCPA defines a "sale" as disclosing or making available to a third party Personal Information in exchange for monetary or other valuable consideration and it defines "share" in pertinent part as disclosing personal information to a third party for cross-context behavioral advertising.
Pursuant to the CCPA, the categories of personal information that we may "sell" as defined under the CCPA includes:
- Identifiers including, but not limited to, a real name, alias, address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, or other similar identifiers.
- Electronic usage data, including, but not limited to, browsing history, search history, and information regarding your interaction with our Website.
We have "sold" the categories of personal information listed above to data analytics providers in the preceding twelve months for the purposes outlined above.
We do not "share" personal information with third parties for cross-context behavioral advertising.
Rights of California residents. California law grants California residents certain rights and imposes restrictions on particular business practices as set forth below.
- Do-Not-Sell: California residents have the right to opt out of the sale of their personal information. Opt-out rights can be exercised by contacting us as described in the "Submitting Requests" section below. We do not sell personal information about residents who we know are younger than 16 years old without opt-in consent.
- Initial notice: We are required to notify California residents, at or before the point of collection of their personal information, the categories of personal information collected and the purposes for which such information is used.
- Request to Delete: California residents have the right to request deletion of their personal information that we have collected about them and to have such personal information deleted, except where an exemption applies. The instructions for submitting a verifiable Request to Delete are described in the "Submitting Requests" section below. We will respond to verifiable requests received from California residents as required by law.
- Request to Correct: California residents have the right to request that we correct inaccurate personal information that we maintain.
- Request to Know: California residents have the right to request and,
subject to certain exemptions, receive a copy of the specific pieces of
personal information that we have collected, used, disclosed, and sold
about them in the prior 12 months and to have this delivered, free of
charge, either (a) by mail or (b) electronically in a portable and, to the
extent technically feasible, readily useable format that allows the
individual to transmit this information to another entity without
hindrance. California residents also have the right to request that we
provide them certain information about how we have handled their personal
information in the prior 12 months, including the:
- categories of personal information collected;
- categories of sources of personal information;
- business and/or commercial purposes for collecting and selling their personal information;
- categories of third parties with whom we have shared their personal information;
- categories of personal information that we have sold in the preceding 12 months, and for each category identified, the categories of third parties to which we sold that particular category of information; and
- categories of personal information disclosed for a business purpose in the preceding 12 months, and for each category identified, the categories of third parties to which we disclosed that particular category of personal information.
California residents may make a Request to Know up to twice every 12 months. We will respond to verifiable requests received from California residents as required by law. The instructions for submitting a verifiable Request to Know are described in the "Submitting Requests" section below.
- Right to non-discrimination: The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA. Discrimination may exist where a business denies or provides a different level or quality of goods or services, or charges (or suggests that it will charge) different prices, rates, or penalties on residents who exercise their CCPA rights, unless doing so is reasonably related to the value provided to the business by the residents' data.
- Financial incentives: A business may offer financial incentives for the collection, sale or deletion of California residents' personal information, where the incentive is not unjust, unreasonable, coercive or usurious, and is made available in compliance with applicable transparency, informed consent, and opt-out requirements. California residents have the right to be notified of any financial incentives offered and their material terms, the right to opt out of such incentives at any time and may not be included in such incentives without their prior informed opt-in consent. We do not offer any such incentives at this time.
Submitting requests. Do-Not-Sell (Opt-out) Requests, Requests to Know, and Requests to Delete may be submitted by contacting us via email at data.requests@transom.jp.
We will use the following process to verify Requests to Know, Requests to Delete, and Requests to Correct: We will acknowledge receipt of you Consumer Request, verify it using processes required by law, then process and respond to your request as required by law. To verify such requests, we may ask you to provide the following information:
- For a Request to Know categories of personal information which we collect, we will verify your identity to a reasonable degree of certainty by matching at least two data points provided by you against information in our systems which are considered reasonably reliable for the purposes of verifying a consumer's identity.
- For a Request to Know specific pieces of personal information, Requests to Delete, or Requests to Correct, we will verify your identity to a high degree of certainty by matching at least three pieces of personal information provided by you to personal information maintained in our systems and also by obtaining a signed declaration under penalty of perjury that the requestor is the consumer whose personal information is the subject of the request.
An authorized agent can make a request on a California resident's behalf by providing a power of attorney valid under California law, or providing: (1) proof that the consumer authorized the agent to do so; (2) verification of their own identity with respect to a right to know categories, right to know specific pieces of personal information, or requests to delete which are outlined above; and (3) direct confirmation that the consumer provided the authorized agent permission to submit the request.
For more information about our privacy practices, you may contact us as set forth in the Submitting requests section above.
Consumer Requests Received in 2022. In calendar year 2022, we received and responded to consumer requests under the CCPA as set forth in the table below:
Request Type |
Number of Requests Received |
Number of Requests With Which We Complied (in Whole or in Part) |
Number of Requests Denied |
Average Response Time (Number of Days) |
Requests to Know |
0 |
0 |
0 |
N/A |
Requests to Delete |
0 |
0 |
0 |
N/A |
Requests to Opt Out of the Sale of Personal Information |
0* |
0* |
0 |
0 |
*By selecting their cookie preferences, users can opt out our use of targeted cookies. This number represents the worldwide total number of requests to opt-out of targeted cookies. |
Additional Information for
Residents in Certain Jurisdictions
Asia and Australasia
Where the privacy law in your respective jurisdiction provides for certain rights to a data subject, you, as the person to whom the personal information relates to, would have such rights to your personal information.
Some of these rights, as may differ from countries to countries, are similar to the rights as described in the foregoing section on "Additional Information for Residents in Certain Jurisdictions: European Union / European Economic Area (EEA) / Dubai International Financial Centre".
We encourage you to contact us should you have any query on the specific rights available to you under the privacy law in your country, you can find contact information in clause 18 of the Privacy Policy. Some of these rights might be subjected to exemptions or limitations under the privacy law.
Right to lodge a complaint with your local supervisory authority
In most countries you also have the right to approach your local supervisory authority if you have concerns about how we are processing your personal information. We ask that you please attempt to resolve any issue with us first, although you have a right to contact your supervisory authority at any time.
If you require contact details of the relevant local supervisory authority in your countries, you can approach us.
Additional Information for
Residents in Certain Jurisdictions
Mainland China
Where the privacy law in your jurisdiction provides for certain rights to a data subject, you, as the person to whom the personal information relates to, would have such rights to your personal information.
Some of these rights are similar to the rights as described in the foregoing section on "Additional Information for Residents in Certain Jurisdictions: European Union / European Economic Area (EEA) / Dubai International Financial Centre".
We encourage you to contact us should you have any query on the specific rights available to you under the privacy law in Mainland China, you can find contact information in clause 18 of the Privacy Policy. Some of these rights might be subjected to exemptions or limitations under the privacy law.
In addition to the "Right to personal information" stated above, a data subject also has the right to:
- request an explanation of our personal information processing rules;
- have their close relatives exercise the right to consult, duplicate, correct and delete the data subject's relevant personal information upon the data subject's passing on, in accordance with the provisions set out under the applicable law.
If you usually live in Mainland China, by continuing you also consent to the following:
- I agree and accept that the personal information provided will be shared with the categories of recipients as stated in the Privacy Policy
- I agree and accept that the personal information provided will be processed and/or stored outside the country I am in
- I agree and accept that the personal information provided may be sensitive personal information under the applicable law and I agree to the processing of such information as stated in the Privacy Policy
Right to lodge a complaint with your local supervisory authority
You also have the right to approach your local supervisory authority if you have concerns about how we are processing your personal information. We ask that you please attempt to resolve any issue with us first, although you have a right to contact your supervisory authority at any time.
Please contact us if you require contact details of the relevant local supervisory authority.
This version was last updated: April 11, 2023.
© 2023 Transom. All rights reserved.