Japanese

GDPR Privacy Policy

MAG.NET CO., LTD (“Company”, “We”, “Us”) hereby establishes this GDPR privacy policy (“GDPR Policy”) in accordance with Regulation (EU) 2016/679 (“GDPR”), governing the handling of personal information (“Personal Information”) collected from users (“Users”, ”You”) residing within the European Economic Area (“EEA”) who use the Company’s services (“Services”).

To properly manage Users’ consent related to cookies, the Company has implemented a consent management platform (“CMP”). This CMP complies with the IAB Transparency & Consent Framework (“TCF”) version 2.2 and integrates with Google Consent Mode v2 to control the activation of analytics and advertising tags based on Users' consent status.

This GDPR Policy explains the types of information the Company collects and retains, how this information is used and shared, and the procedures by which Users can exercise their rights. If you do not consent to the processing (“Processing”) of your Personal Information as described in this GDPR Policy, please do not provide your Personal Information to the Company. In such cases, some website features or services may not be available to you.

Article 1 (Definitions)

The definitions of terms used in this GDPR Policy are as follows:
“Applicable Privacy Laws” refers to all privacy and data protection laws applicable to the Company including the EU General Data Protection Regulation (“GDPR”) and related national implementing legislation.
“Personal Information” means any information relating to an identified or identifiable natural person as handled by the Company (as defined in Article 3).
“Processing” means any operation or set of operations performed on Personal Information, whether or not by automated means, including but not limited to collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, combination, restriction, and erasure.
“Controller” means the natural or legal person, public authority, agency, or other body that alone or jointly determines the purposes and means of Processing Personal Information. The Company, including its group entities, acts as a data Controller under the GDPR.
“Data Protection Officer (DPO)” means the person appointed pursuant to Article 37 of the GDPR who is responsible for overseeing the Company’s data protection activities and ensuring compliance with GDPR requirements.
“Website” refers to https://magnet-global.net/en/.

Article 2 (Scope)

This GDPR Policy applies to the Processing of Personal Information subject to Applicable Privacy Laws. The Company acts as the data Controller for the Personal Information it processes.

Article 3 (Personal Information Collected)

  1. Types of Personal Information Collected

    The Company may collect the following categories of Personal Information from Users, business partners, applicants, employees, affiliates, and website visitors:

    1. Contact Information


      Name, company or organization name, department, position, address, telephone number, email address, etc.

    2. Technical Information

      IP address, cookies, operating system, browser type, device identifiers (such as serial numbers, MAC addresses), and technical/event-related data about device usage (including internet and Bluetooth connection information, session times, etc.)

    3. Other Information Provided by Users

      Opinions, inquiry contents, survey responses, and similar data.

  2. Sensitive Personal Information

    Unless otherwise required by law, the Company does not collect special categories of Personal Information (sensitive data), such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health information, or information regarding sexual life or sexual orientation.

  3. Obligation to Provide Personal Information

    To use the Services, Users are required to provide the following Personal Information:
    Required: Name, email address, contact information (for contract formation and identity verification)
    Optional: Marketing information, survey responses, and others
    If required data is not provided, the Company may be unable to provide Services or conclude contracts. Failure to provide optional data will not affect the basic availability of the Services.

Article 4 (Legal Bases for Data Processing)

The Company processes Personal Information based on the legal grounds set forth in Article 6 of the GDPR, as follows:

  • Consent obtained from the data subject (Article 6(1)(a)):

    Distribution of marketing emails, participation in voluntary surveys and campaigns.

  • Necessary for the performance of a contract (Article 6(1)(b)):

    Provision of products and services, fulfillment of contractual obligations with the Users.

  • Compliance with legal obligations (Article 6(1)(c)):

    Retention of accounting records, reporting obligations to tax authorities.

  • Legitimate interests pursued by the Company (Article 6(1)(f)):

    Business continuity, improvement and development of products and services, ensuring security, prevention and detection of fraud, business management, analysis, research, auditing, ensuring safety and access control of systems and offices, handling of litigation and legal claims, protecting rights of the Company or third parties.

Article 5 (Purposes of Using Personal Information)

  1. Primary Purposes

    The Company uses Personal Information for the following purposes:

    1. Service Provision


      Provision of products and services, business continuity, improvement, and development of products and services, optimization of website display, notification of service changes.

    2. Contract Management


      Fulfillment of contracts with employees, contractors, business partners, and others; recruitment management.

    3. Compliance


      Compliance with legal and regulatory obligations domestically and internationally; audit-related activities; compliance and audit response.

    4. Security


      Prevention and detection of fraud and crime; ensuring the security and access control of systems and facilities.

    5. Legal Protection

      Handling litigation and legal claims; protection of the rights of the Company or third parties.

    6. Marketing Activities

      Providing Users with updates, offers, and campaign information about the Company’s products and Services via email, post, phone, or other communication channels; data analysis for marketing research and customer satisfaction improvements; improvement of Services and advertising.
      Use of Personal Information for marketing purposes is based on Users’ consent. Users may unsubscribe (opt-out) from such communications at any time.

  2. Business Management

    Business management, data analysis, research, auditing, ensuring safety, and notification of policies.

  3. Other Legitimate Business Purposes

    If Personal Information is used for purposes other than those specified at the time of collection, the Company will notify Users of the new purposes and related information in advance.

Article 6 (Sharing and Transfer of Personal Information to Third Parties)

  1. Recipients of Personal Information

    The Company may share Personal Information with the following third parties:

    • Group companies of the Company (“Group Companies”)
    • Service providers, including IT service providers, marketing agencies, payment processors, and others
    • Legal authorities in cases where disclosure is required by law
    • Business successors in connection with mergers, acquisitions, or business transfers

  2. Transfer of Personal Information Outside the EEA

    The Company may transfer Personal Information to Group Companies or service providers located outside the European Economic Area (EEA) (e.g., in Japan).
    Japan has been recognized by the European Commission as providing an adequate level of data protection equivalent to that within the EEA.
    Where necessary, the Company implements additional security measures such as encryption and access controls.
    Data sharing with vendors and third parties located outside the EEA is appropriately controlled based on the User’s consent status, facilitated through the CMP.

Article 7 (Security Measures)

  1. Technical and Organizational Measures

    The Company implements appropriate organizational and technical security measures to prevent the leakage, loss, alteration, or unauthorized access of Personal Information, including but not limited to the following:
    - Access control limited to employees, agents, and service providers who require it for business purposes
    - Encryption of Personal Information at rest and in transit
    - Implementation of firewalls and intrusion detection systems
    - Regular security audits and risk assessments
    - Data protection training for employees
    - Strict confidentiality obligations

  2. Management of Service Providers

    When outsourcing operations, the Company contracts with its service providers to implement appropriate security measures and subjects them to regular oversight. Service providers are required to adhere to security standards equivalent to or higher than those of our company.

  3. Record of Processing Activities

    In accordance with Article 30 of the GDPR, the Company maintains records of all Personal Information Processing activities and provides them to supervisory authorities upon request.

Article 8 (Retention Period)

  1. Principle of Retention

    The Company will not retain Personal Information for longer than is necessary to fulfill the purposes for which it was collected.

  2. Deletion of Data

    Users may request the deletion of their Personal Information at any time, unless the Company is required to retain it under applicable laws or regulations. The Company will delete or anonymize Personal Information that is no longer needed in an appropriate and secure manner.

Article 9 (Use of Cookies and Similar Technologies)

  1. Use of Cookies

    The Company uses cookies and similar technologies to ensure the proper functioning of its website and to enhance user convenience. Users’ consent for such technologies is obtained, stored, and managed through an implemented CMP.

  2. About the CMP (Consent Management)

    The Company has adopted a CMP compliant with the TCF v2.2, which is also integrated with Google Consent Mode v2. Google Consent Mode v2 enables Google’s advertising and analytics tools to operate in accordance with users’ consent choices. For example, if a user declines consent, data may be processed in a non-identifiable manner or data transmission may be restricted.

  3. CMP Disclosure Items: Purpose, Vendors, and Legal Basis

    Upon the user’s first visit, clear options are presented, allowing them to choose “Accept,” “Reject,” or “Customize Settings.”
    Users may withdraw or modify their consent at any time via the CMP interface.

    Types of Cookies:

    • Essential (Functional) Cookies

      Purpose: Necessary for essential site functions, such as account creation and login.
      Legal Basis: Performance of a contract and legitimate interests (GDPR Article 6(1)(b), (f))
      Consent Collection: Not required

    • Analytical Cookies

      Purpose: To analyze website traffic and usage trends.
      Legal Basis: Consent (GDPR Article 6(1)(a))
      Consent Collection: Through CMP

    • Marketing Cookies

      Purpose: To deliver personalized advertisements and measure campaign effectiveness.
      Legal Basis: Consent (GDPR Article 6(1)(a))
      Consent Collection: Through CMP

    • Third-Party Cookies

      We may use third-party services such as:
      Google Analytics (with IP anonymization enabled)
      Other analytics or advertising platforms (listed within the CMP)

    • Withdrawal of Consent

      Users can withdraw their consent at any time through the CMP settings. Upon withdrawal, related cookies and tracking tags are automatically disabled.

    • Browser Settings

      Most browsers allow users to disable or restrict cookies. However, disabling cookies may affect website performance or certain features.

Article 10 (Automated Decision-Making and Profiling)

  1. Automated Decision-Making

    The Company does not currently engage in any fully automated decision-making that produces legal effects concerning Users or similarly significantly affects them, as defined under Article 22 of the GDPR.

  2. Profiling

    The Company may carry out limited profiling for marketing purposes, such as recommending products or services aligned with Users’ interests. Such Processing is carried out on the basis of the User’s explicit consent, which may be withdrawn at any time. If you would like more information about the data used for profiling, the underlying logic of the Processing, or its potential effects, please contact us via the contact details listed in Article 13. Should automated decision-making be introduced in the future, we will notify Users in advance and obtain their consent as required.

Article 11 (Response to Data Breaches)

In the event of a data breach such as the leakage, unauthorized access, alteration, or loss of Personal Information, the Company will take the following measures:

  1. Prompt Identification and Assessment

    Upon becoming aware of a data breach, we will promptly identify the situation and assess the scope and potential risks of the incident.

  2. Notification to Supervisory Authorities

    If there is a likelihood of risk to the rights and freedoms of individuals, the Company will notify the competent supervisory authority (data protection authority) without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR.

  3. Notification to Data Subjects

    If the data breach is likely to result in a high risk to the rights and freedoms of individuals, we will notify affected Users without undue delay, as required under Article 34 of the GDPR. The notification will include the following information:
    - Nature of the data breach
    - Recommended measures for mitigation
    - Contact details of the Data Protection Officer or inquiry desk
    - Possible consequences of the breach

  4. Preventive and Corrective Actions

    We will analyze the cause of the data breach and implement appropriate technical and organizational measures to prevent recurrence.

Article 12 (Data Subject Rights)

In accordance with Articles 15 to 22 of the GDPR, Users have the following rights regarding their Personal Information.

  1. Right to Withdraw Consent (Article 7(3))

    When the Processing of Personal Information is based on consent, Users have the right to withdraw consent at any time. Such withdrawal does not affect the lawfulness of Processing carried out prior to the withdrawal.

  2. Right of Access (Article 15)

    Users have the right to request access to their Personal Information held by us and to obtain a copy of such data. The first access request will be provided free of charge.

  3. Right to Rectification (Article 16)

    Users have the right to request the correction or completion of inaccurate or incomplete Personal Information concerning them.

  4. Right to Erasure (“Right to be Forgotten”) (Article 17)

    Users have the right to request the deletion of their Personal Information in the following circumstances:
    - The Personal Information is no longer necessary for the purposes for which it was collected.
    - Consent is withdrawn and no other legal basis applies.
    - The Users objects to the Processing and there are no overriding legitimate grounds for applicable Processing.
    - The Personal Information has been unlawfully processed.
    - Deletion is required to comply with a legal obligation.
    However, we may refuse deletion if retention is required by law or necessary for the establishment, exercise, or defense of legal claims.

  5. Right to Restriction of Processing (Article 18)

    Users have the right to request the restriction of Processing in the following cases:
    - During the period of verifying the accuracy of the Personal Information when contested.
    - When Processing is unlawful, but the Users request restriction instead of deletion.
    - When the data is no longer needed by us but is required by the Users for legal claims.
    - While verifying whether our legitimate grounds override the User’s objections.

  6. Right to Data Portability (Article 20)

    For Personal Information processed by automated means based on consent or contract, Users have the right to:
    - Receive their Personal Information in a structured, commonly used, and machine-readable format.
    - Request that such data be transmitted directly to another Controller, where technically feasible.

  7. Right to Object (Article 21)

    Users have the right to object, at any time, to the Processing of their Personal Information based on legitimate interests. Users may always object to Processing for direct marketing purposes, and such objections will be honored without exception. We will cease Processing unless we demonstrate compelling legitimate grounds that override Users’ interests, rights, and freedoms, or where Processing is necessary for legal claims.

  8. Procedure for Exercising Rights

    To exercise any of these rights, please contact us using the contact details provided in Article 13. We may request additional information to verify your identity.
    Response Period: We will respond within one month of receiving the request. In cases of complex or multiple requests, this may be extended up to three months, but we will notify you of the extension within one month.
    Fees: Exercising these rights is generally free of charge. However, if a request is manifestly unfounded or excessive (particularly repetitive requests), we may charge a reasonable fee or refuse to act on the request.

  9. Right to Lodge a Complaint with a Supervisory Authority (Article 77)

    Users have the right to lodge a complaint with a supervisory authority in an EU Member State at any time, in particular in the Member State of their habitual residence, place of work, or where the alleged infringement occurred. We would, however, appreciate the opportunity to address your concerns before you approach a supervisory authority.

Article 13 (Data Protection Officer and Contact Information)

  1. Data Protection Officer (DPO)

    We are currently not subject to the mandatory requirement to appoint a Data Protection Officer (DPO) under Article 37 of the GDPR. However, we place the highest priority on the protection of our Users’ Personal Information and have established a dedicated department responsible for data protection. If it becomes necessary to appoint a Data Protection Officer (DPO) in the future, we will do so promptly and publish the details in this GDPR Policy.

  2. Contact Information

    For complaints, inquiries, or to exercise your rights as set forth in Article 12, please contact us at the address below.

    Personal Information Inquiry Desk
    Corporate Planning Division - Personal Information Inquiry Section
    Address: 6F Kanda Omiya Building, 1-23-1 Kanda Jinbocho, Chiyoda-ku, Tokyo 101-0051, Japan
    Email: personal-info@MAGNET-GLOBAL.NET
    Telephone: +81-3-6281-3320
    Business Hours: Weekdays 9:30–17:00 (Japan Standard Time)
    When making an inquiry, please provide the following information:

    • Name
    • Contact information (email address or phone number)
    • Details of your inquiry or type of right being exercised
    • Information for identity verification (if necessary)

    The Company will normally acknowledge receipt of your inquiry within five business days and respond appropriately thereafter.

Article 14 (External Links)

Our website may contain links (such as hyperlinks or banners) to websites operated by third parties.
We are not responsible for the content, privacy practices, or compliance with Applicable Privacy Laws of such third-party websites. When visiting any third-party website, we recommend that you review its privacy policy and terms of use carefully. The handling of Personal Information on third-party websites is the sole responsibility of the respective site operators.

Article 15 (Revisions to This GDPR Policy)

  1. Right to Amend

    The Company reserves the right to revise this GDPR Policy from time to time, as necessary, including to comply with changes in applicable laws and regulations, reflect modifications in our business operations, or respond to changes in the technical environment.

  2. Notification of Revisions

    When material changes are made, we will notify Users through appropriate means, such as posting a notice on our website or sending notification by email. For minor changes, the updated version published on our website shall constitute sufficient notice.

  3. User Responsibility

    Users are encouraged to check this GDPR Policy periodically to stay informed about any updates. Continued use of our services following revisions shall be deemed as acceptance of the amended GDPR Policy.

  4. Date of Last Revision

    This GDPR Policy was last revised on December 10, 2025.

Article 16 (Severability)

If any provision of this GDPR Policy is found to be contrary to law or held invalid, such provision shall be replaced with a valid provision that best reflects the original intent, to the extent permitted by law. The validity of the remaining provisions shall not be affected thereby.

Article 17 (Governing Law and Jurisdiction)

This GDPR Policy shall be governed by and interpreted in accordance with the GDPR and the laws of Japan.
Any disputes arising out of or relating to this GDPR Policy shall be subject to the exclusive jurisdiction of the court having jurisdiction over the location of our head office as the court of first instance. However, this provision does not limit the Users right to file a complaint with a supervisory authority in an EU member state.

If you have any questions or concerns regarding this GDPR Policy, please feel free to contact us using the contact details provided in Article 13.

Last Updated: December 10, 2025
Effective Date: December 10, 2025