Privacy Policy

Below is the privacy policy established by Drive Japan.

This privacy policy outlines the nature, scope, and purpose of the processing of personal data (“data”) within our online services, including our website, its features and content, and any external online presences, such as our social media profiles (collectively referred to as the “online services”). For terms like “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller
Drive Japan, Germany

Types of Processed Data:

• Contact data (e.g., name, email, phone numbers)
• Content data (e.g., text inputs, photographs, videos)
• Usage data (e.g., websites visited, content interests, access times)
• Meta/communication data (e.g., device information, IP addresses)

 

Purpose of Processing:

• Providing the online services, its features, and content
• Responding to contact inquiries and communicating with users
• Implementing security measures
• Conducting reach measurement/marketing activities

 

Relevant Legal Bases: In accordance with Article 13 GDPR, we inform you about the legal bases for our data processing activities. For users within the GDPR’s scope (i.e., the EU and the European Economic Area, EEA), the following applies if the legal basis is not mentioned in the privacy policy:

• The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR.
• The legal basis for processing related to the performance of our services, executing contractual measures, and responding to inquiries is Art. 6(1)(b) GDPR.
• The legal basis for processing required to comply with our legal obligations is Art. 6(1)(c) GDPR.
• The legal basis for processing necessary to safeguard our legitimate interests is Art. 6(1)(f) GDPR.

In accordance with Art. 32 GDPR, we implement appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, considering the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons.

We take precautions to protect your information both online and offline. When sensitive information is submitted via the website (excluding credit card data, which is processed directly by PayPal and never accessed by us), it is encrypted and securely transmitted. You can verify this by looking for a closed lock icon in your web browser or “https” in the website address. Additionally, we protect your information offline; only employees who need the information for specific tasks (e.g., billing or customer service) have access to personally identifiable information. The servers storing this information are kept in a secure environment.

Collaboration with Processors and Third Parties:

If we disclose data to other persons or companies (processors or third parties), transmit data to them, or otherwise grant them access within the scope of our processing activities, this is done only based on legal permission (e.g., if transferring data to third parties, such as payment service providers, is necessary for contract performance), with your consent, due to a legal obligation, or based on our legitimate interests (e.g., when using agents, web hosts, etc.).

Transfers to Third Countries:

If we process data in a third country (i.e., outside the European Union or the European Economic Area) or if this occurs in connection with the use of third-party services, disclosure, or transfer of data to third parties, this will only take place if it is necessary to fulfill our (pre)contractual obligations, with your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we process or allow the data to be processed in a third country only if the requirements of Art. 44 ff. GDPR are met. This means that processing is based, for example, on special guarantees, such as the officially recognized assessment of a level of data protection equivalent to that of the EU (e.g., through the Privacy Shield for the USA) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

Rights of Data Subjects:

You have the right to confirm whether or not personal data concerning you is being processed and, where applicable, to access your personal data and the information specified in Art. 15 GDPR.

You have the right, in accordance with Art. 16 GDPR, to request the completion of incomplete personal data or the correction of inaccurate personal data concerning you.

In accordance with Art. 17 GDPR, you have the right to request the deletion of your personal data without undue delay or, alternatively, to request a restriction of processing in accordance with Art. 18 GDPR.

Cookies:

Cookies are text files placed on your computer to collect standard internet log information and visitor behavior data. This information is used to track website usage and compile statistical reports on website activity. Cookie usage is not linked to any personally identifiable information on our site. We use two types of cookies: analytics cookies and site cookies. Site cookies are essential for processing your order and using the website.

Other Websites:

We use a payment processing company to bill users for goods and services and an email notification company to send order notifications. These companies do not retain, share, store, or use personally identifiable information for any secondary purposes beyond fulfilling your order, and they are GDPR-compliant where required by law.

If you believe we are not abiding by this privacy policy, please contact us immediately via form, WhatsApp, or Messenger (see FAQ).