GDPR PRIVACY POLICY
Vasco Da Gama Offices (“Our Firm”) will comply with this GDPR privacy policy set forth below (this “Policy”) as well as any applicable related laws and regulations in handling personal information. This includes the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and equivalent laws of the UK (collectively, the “GDPR”).
This Policy is applicable only to personal data concerning data subjects (“you” or “your”) in the member states of the European Union and the three EEA/EFTA states - Iceland, Liechtenstein and Norway and the UK (collectively, the “EEA”). This GDPR Privacy Policy shall apply together with our Privacy Policy, but the in case of the contradiction, this GDPR Privacy Policy will prevail.
Unless otherwise specified herein, the terms used in this Policy shall have the same meaning as the definitions of those terms contained in the GDPR.
1. Collection and Processing of Personal Data
- We will collect personal data through lawful and appropriate means only to the extent necessary to achieve the purpose of use set forth in this Policy, and will use such personal data appropriately.
- We will collect and process the following types of personal data for the purposes described in Article 3:
- Contact details (e.g., name, title, email address, phone number, fax number, postal address, company name, office address, etc.);
- Demographic information (e.g., gender, age, nationality);
- Identification information (e.g., a copy of passport, drive’s license, national identity card, health insurance card);
- Financial and payment information (e.g., bank account details, credit/debit card numbers, security code numbers and other related billing information);
- Information related to matter details (e.g., your communication with us, information relevant to any dispute, investigation, and any other legal procedure, etc.);
- Information about related parties (e.g., personal data of an adverse party, associated party, interviewee, investigation target, etc.);
- Information about your interactions with our services, promotions, or advertising, as well as any views or opinions you share with us; and
- Information about your use of our websites (e.g., cookies, IP address, time zone, device type, access logs, web beacons, page response times, visit duration, and page interaction data).
- In addition to the above, please note that we may need to collect certain sensitive personal information to provide our legal services, including racial or ethnic origin, political opinions, religious beliefs, trade union activities, health information, sexual orientation, or details of criminal offences.
- The collection of personal data is necessary in order to enter into a contract and for Our Firm to provide you with the services listed under. In case of failure to provide us with the required information, you will not be able to enter into a contract with Our Firm, and any existing contractual agreement might be terminated.
- In compliance with regulations set by the Japan Federation of Bar Associations, we are required to verify your identity (Know Your Client procedures) before providing legal advice for the first time. We kindly ask for your understanding, as we may not be able to offer our services if the necessary personal information is not provided.
2. Legal Bases for Processing of Personal Data
We will process your personal data on the following legal basis:
- Your consent has been given for one or more specific purposes. While you have a right to withdraw consent at any time, such withdrawal does not affect the lawfulness of processing based on consent before its withdrawal;
- Processing is necessary for the performance of the contract concluded between you and Our Firm, or in order to take steps at your request prior to entering into such a contract;
- Processing is necessary for compliance with legal obligations to which Our Firm is subject; and
- Processing is necessary for the purposes of the legitimate interests pursued by Our Firm or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
3. Purposes and Legal Bases of Processing of Personal Data
We will use personal data only to the extent necessary for the purposes set forth below. We will not use personal data for any other purpose unless such purpose is separately notified or publicly announced, agreed by the data subject of such personal data, or except otherwise permitted by the GDPR or any other relevant law or regulation. Subject to the specifications outlined in this Article, you are under no obligation to provide your personal data to us, whether as a statutory or contractual requirement.
Purpose of Processing |
Legal Basis of Processing |
---|---|
1. Providing legal advice, case handling, or any other legal services; |
|
2. Sending newsletters or providing any other legal information, etc.; |
|
3. Providing information related lectures, seminars, study groups or any other events; |
|
4. Sending New Year’s cards, greeting letters or any other information about Our Firm; |
|
5. Responding to various inquiries, etc.; |
|
6. Administration of Our Firm (e.g., client identity verification, record-keeping, accounting, and invoicing) |
|
7. Recruitment and selection of attorneys, interns or staffs, etc. and personnel management after acceptance of such attorneys, intern or staffs, etc.; and |
|
8. Analyzing website visitor interests and improving our services and website functionality. |
|
9. Performing any other business incidental to those mentioned above. |
|
4. Provision of Personal Data to Third Party
We may share your personal data with the following categories of recipients:
- Service providers, such as external professional advisors and IT service providers; and
- Relevant parties, such as competent authorities, law enforcement agencies, or courts, to the extent necessary to provide our professional services or comply with applicable laws and regulations.
5. Transfers to Third Countries Outside EEA
Your personal data may be transferred to, accessed in, or stored in countries or territories outside the EEA. These countries might not provide the same level of data protection as the EEA. However, we only transfer personal data to countries that the EU Commission or UK government, as applicable, has deemed to offer an adequate level of data protection, such as Japan. Alternatively, we ensure that recipients uphold an adequate level of data protection by implementing safeguards, such as data transfer agreements based on Standard Contractual Clauses adopted under the GDPR. For more information, please contact us using the details provided in Article 10 of this Policy.
6. Safety Management of Personal Data
We will endeavor to keep the personal data accurate and up-to-date within the scope of the purpose of use, and will take necessary and proper safety management measures in order to prevent any leakage, loss, or damage of personal data handled by Our Firm.
7. Supervision of Employees, etc.
We will provide our employees with appropriate training and supervision on the proper handling of personal data. Further, if we entrust the handling of personal data to any third party, we will select the subcontractor who has taken appropriate safety management measures, and will properly supervise such subcontractor to ensure that it properly handles the personal data.
8. Retention of Personal Data
Our Firm will retain your personal data for the period necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law or regulations, or necessary to address potential legal claims, in which the relevant data will be retained until such claims are resolved or the applicable limitation period expires.
9. Data Subjects Rights and Procedures for Personal Data Disclosure, etc.
- You have the following rights under the GDPR. However, please note that these rights are subject to certain exceptions under the GDPR and any applicable laws and regulations.
- The right to obtain confirmation of whether or not your personal data is being processed, and to access to or a copy of your personal data;
- The right to request the rectification of inaccurate personal data (if any);
- The right to erasure of your personal data where: (i) such personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; (ii) you withdraw consent to our processing solely based on your consent; (iii) you object to our processing and there are no overriding legitimate grounds for such processing; (iv) our processing is unlawful; or (v) your personal data has to be erased in compliance with a legal obligation.
- The right of restriction of processing your personal data where: (i) you contest the accuracy of your personal data; (ii) our processing is unlawful and you select to restrict our processing instead of requesting erasure of your personal data; (iii) you request us to establish, exercise, or defend legal claims requiring your personal data that is no longer necessary for the purposes of our processing; or (iv) you exercise the right to object to our processing and wait for the verification on whether we have overriding legitimate grounds.
- The right to object to processing of your personal data where our processing is based on the exercise of the public interest or our official authority, our legitimate interests, or for direct marketing purposes;
- The right to receive your personal data provided to us in a structured, commonly used, and machine-readable format, and to transmit those data to a third party you designate, provided that the processing is based on your consent or a contract with you.
- The right to withdraw your consent at any time to the processing of your personal data that we have collected. However, please note that such withdrawal does not affect the lawfulness of any processing performed pursuant to the consent given prior to the withdrawal. Furthermore, we may still be entitled to process your personal data if other legal grounds apply.
- The right to lodge a complaint with a competent supervisory authority.
- When we receive any related your request, we will, upon the identity verification of you, respond to such request properly and in good faith in accordance with the GDPR and any other applicable law and regulation.
Please be noted that, if such request does not meet any of the requirements under the GDPR or any other applicable laws or regulations, or if there is any ground for a refusal under the GDPR or any such laws or regulations, such request may not be fulfilled. - Further, please also be noted that a reasonable fee may be charged taking into the administrative costs for handling your request, to the extent permitted by the GDPR and other applicable laws or regulations.
10. Contact for Inquiries regarding Handling of Personal Data
For any application set forth in the preceding Article, or any other complaint or inquiry in relation to handling of personal data, please contact our contact address below:
Vasco Da Gama Offices
Person in Charge for Personal Information Related Matters
Akasaka Moriyama Building, 2-11-15 Akasaka,
Minato-ku, Tokyo, 107-0052, Japan
We can also be reached by email via
this email address.
11. Amendment of This Policy
We will review the operations of our handling of personal data from time to time, and may amend this Policy as needed, in whole or in part, without any prior notice. The updated Policy will be published by posting on this website and such updated Policy will take effect from the date of such publication.
Last Updated: January 21, 2025