Privacy Policy

This Privacy Policy outlines how we collect, process, and protect your Personal Data that we received from you or other entities including our business partners and social networking services. We comply with the German Federal Data Protection Act (BDSG), Regulation (EU) 2016/679 (GDPR) and the Japanese Act on Protection of Personal Information (APPI) in processing your Personal Data.

For questions about the processing of your Personal Data, please contact us, using the information below.

Section I - General information

Art. 1. (1)  Nissha Europe GmbH and Nissha Co., Ltd. (collectively, “we”, “us,” and “our”) process your Personal Data as controllers. The details of us are as follows:

Data Controller Information:

Name: Nissha Europe GmbH

Company No.: HRB 98177 ;

Headquarters: Frankfurter Str. 63-69, 4.OG, 65760 Eschborn, Germany

Address for correspondence: Frankfurter Str. 63-69, 4.OG, 65760 Eschborn, Germany

Phone: +49 6196 9673 10

Email Address: nissha@eedpo.com


Name: Nissha Co., Ltd.

Company No.: 436028;

Headquarters: 3 Mibu Hanai-cho, Nakagyo-ku, Kyoto 604-8551, Japan

Address for correspondence: 3 Mibu Hanai-cho, Nakagyo-ku, Kyoto 604-8551, Japan

Email Address: it-strategy@nissha.com

Section II - Key Terms and Definitions

Art. 2. (1) For this Privacy Policy, the following terms shall be understood as defined below:

  1. Personal Data: Any information relating to an identified or identifiable natural person. This includes direct identifiers such as name, ID number, and email address; location data such as physical address and GPS coordinates; online identifiers including IP address, cookie IDs, and device IDs; personal characteristics such as age, gender, and date of birth; and financial information like credit card details and bank account numbers.
  2. Processing: Any operation performed on Personal Data, whether automated or manual, including collecting and recording, organizing and storing, using and analyzing, sharing or transmitting, and deleting or destroying Personal Data.
  3. Data Subject: The natural person whose Personal Data is being processed. This includes website visitors, customers and clients, newsletter subscribers, and account holders interacting with our services.
  4. Data Controller The entity (our company)determines why and how Personal Data is processed, what Personal Data is collected, how long data is kept, and who can access Personal Data under applicable regulations.
  5. Consent: An explicit affirmative action indicating an agreement to data processing, which the Data Subject must freely give without pressure, specific to each purpose, informed and unambiguous, and easy to withdraw at any time.
  6. Cookies: Small text files placed on your device that help us remember your preferences, understand how you use our site, improve our services, and provide relevant content tailored to your interests.
  7. Security Measures: We take technical and organizational measures to protect data, including encrypting sensitive data, implementing access controls and authentication, conducting regular security assessments, and training staff on data protection protocols.
  8. Legitimate Interest: A lawful basis for processing Personal Data where the processing is necessary for the purposes of the legitimate interests by us or by a third party, provided these interests do not override the fundamental rights and freedoms of the Data Subject. This includes fraud prevention, network security, and business development activities.

Section III - Principles for Personal Data Collection, Processing, and Storage

Art. 3 (1) We adhere to these fundamental principles when collecting, processing, and storing your Personal Data:

  1. Lawfulness, Fairness, and Transparency:
    We process your Personal Data in accordance with applicable laws, particularly the German Federal Data Protection Act (BDSG), Regulation (EU) 2016/679 (GDPR) and the Japanese Act on Protection of Personal Information (APPI). We are transparent about our data processing activities and provide clear information about how we use your Personal Data.
  2. Purpose Limitation:
    We only collect and process your Personal Data for specified, explicit, and legitimate purposes. Your data will not be processed in ways incompatible with these stated purposes.
  3. Data Minimization:
    We collect only your Personal Data that is directly relevant and necessary for the specified purposes. We avoid collecting excessive information and regularly review our data collection practices.
  4. Storage Limitation:
    We retain your Personal Data only for the duration necessary to fulfill the purposes for which it was collected, comply with legal obligations, or protect our legitimate interests. We implement systematic data review and deletion procedures.
  5. Accuracy and Currency:
    We take reasonable steps to ensure that your Personal Data remains accurate, complete, and up to date. We provide mechanisms for you to review and correct your information and promptly address any inaccuracies.
  6. Integrity and Confidentiality:
    We implement appropriate technical and organizational Security Measures to protect your Personal Data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments.

(2) We may process and store your Personal Data to protect legitimate interests and fulfill legal obligations, including compliance with relevant regulations relating to the following authorities:

  1. German Tax Authorities (Bundeszentralamt für Steuern)
  2. German Federal Financial Supervisory Authority (BaFin)
  3. Japanese National Tax Agency (国税庁)
  4. Japanese Financial Services Agency (金融庁)
  5. Other relevant regulatory authorities in Germany and Japan

(3) We regularly review and update our data processing practices to ensure continued compliance with evolving data protection regulations in both jurisdictions.

Section IV - Purposes and Legal Basis for Processing your Personal Data

Art. 4 We process the following categories of your Personal Data for the purposes and based on the legal basis set out below:

  1. Contact details (name, phone, address, etc.)

The purpose for which your Personal Data is processed:

To communicate with you to carry out business activities .

The legal basis for processing your Personal Data:

Processing is based on our legitimate interests to execute essential procedures before signing a contract at the request of a potential customer or partner, provide our services and carry out business development and professional communication.

  1. User experience data (frequency of visits, last visit, time spent on site, pages viewed, iterations with the website, etc.)

The purpose for which your Personal Data is processed:

To enhance the content and layout of particular pages in a user-created environment, customize the environment for the user, enhance your satisfaction with services, and augment the offered services.

The legal basis for processing your Personal Data:

Processing is based on your consent. You may withdraw your consent by modifying your cookie preferences anytime by clicking the cookie icon in the bottom left corner, where you can enable/disable specific cookie categories or all cookies except for strictly necessary cookies.

  1. Service Usage Data (Login timestamps, feature utilization metrics, document generation history, service preferences, interaction patterns with platform tools, and session duration)

The purpose for which your Personal Data is processed:

To analyze service usage patterns and optimize our business offerings.

The legal basis for processing your Personal Data:

Processing is based on our legitimate interests to improve and develop our services.

  1. Marketing and Communication Data (Newsletter Subscription) - Email address.

The purpose for which your Personal Data is processed:  

To send newsletters, updates on new products, and promotions.

The legal basis for processing your Personal Data:

Processing is based on your consent. You may withdraw your consent by clicking the "Unsubscribe" link in marketing communications or by contacting us.

Regarding 1 and 3 above, you may obtain information on the balancing test on legitimate interest by contacting us, using the information indicated in Section I above.

Section V - Data Retention Periods

Art. 5 (1) We retain your Personal Data only for the period necessary to achieve the specified processing purposes outlined in this Privacy Policy, following the principle of storage limitation under German Federal Data Protection Act (BDSG), Regulation (EU) 2016/679 (GDPR) and the Japanese Act on Protection of Personal Information (APPI).

(2) Following applicable legal requirements and our data minimization principle, we maintain the following retention periods:

  1. Business Profile Information - Retained for 10 years from the last business interaction, in compliance with German Commercial Code (HGB) requirements for business records and Japanese Companies Act document retention obligations.
  2. Service Usage Data - Retained for 3 years from the date of collection. After this period, data is anonymized for statistical analysis following our legitimate interests in business development and service improvement.
  3. Contact Details - Retained for 6 years after the last interaction for potential legal claims under German Civil Code (BGB) limitation periods. We have maintained these records for 5 years, following commercial law requirements for Japanese jurisdiction.
  4. Authentication Data - Retained for the duration of the active business relationship plus 1 year after account closure for security purposes and fraud prevention.

(3) Extended retention periods may apply in the following circumstances:

  1. Legal obligations requiring longer retention;
  2. Establishment, exercise, or defense of legal claims;
  3. Regulatory compliance requirements or
  4. Legitimate business interests - for example Financial reporting and auditing, risk assessment and management, security incident investigation and prevention;

(4) Upon expiration of the applicable retention period, your Personal Data is:

  1. Securely deleted using industry-standard methods;
  2. Anonymized following technical standards; or
  3. Archived with restricted access if required by law.

(5) You may request information about specific retention periods applicable to their data by contacting us, using the information indicated in Section I above.

Section VI – Your Rights

Art. 6 (1) You may have the right to withdraw your consent for data processing by contacting, using the information indicated in Section I above. You can withdraw your consent for specific processing activities.

(2) Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal.

Art. 7 You may have the right to obtain confirmation of whether your Personal Data is being processed and access to such Personal Data.

Art. 8 You may have the right to obtain rectification of inaccurate Personal Data and completion of incomplete Personal Data.

Art. 9 You may have the right to request erasure of your Personal Data, when certain conditions are met, including but not limited to when it is no longer necessary; consent is withdrawn with no other legal basis existing; you object to processing and there are no overriding legitimate grounds for the processing; or your Personal Data has been unlawfully processed.

Art. 10 You may have the right to receive their data in a structured, machine-readable format and transmit it to another controller, where processing is based on consent or performance of a contract.

Art. 11 You may have the right to object to processing your Personal Data when the processing is based on legitimate interest.

Art. 12 You may have the right to restrict the processing of your Personal Data when certain conditions are met.

Art. 13 (1)You may exercise any of the rights by contacting us, using the information indicated in Section I.

(2) If a data breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. We will notify the relevant supervisory authority, without undue delay and, where feasible, within 72 hours of becoming aware of breaches, unless the personal data breach is unlikely to result in a risk to the rights and freedoms.

Section VII - Data Recipients and International Transfers

Art. 14 (1) Your Personal Data may be processed by authorized internal personnel, including customer service, accounting, and legal departments to fulfill our contractual obligations and ensure website functionality. Your Personal Data may also be transferred to our affiliates (click here for full details).

(2) Your Personal Data may be disclosed to technical service providers (providing website maintenance, website analytics, performance monitoring, and hosting services), professional service providers such as tax advisors and legal consultants, and public authorities when required by German or Japanese law. These service providers and the authorities are located in Germany or Japan.

(3) Your Personal Data may also be transferred to Cloudflare's content delivery network (CDN) that provides services to optimize website performance and security. Your Personal Data may be processed through Cloudflare's servers, which are located globally to provide optimal service based on your geographic location. The specific server location processing your Personal Data will depend on your location and the nearest Cloudflare data center.

(4) Contractual confidentiality obligations bind all data recipients. They must comply with applicable data protection regulations.

(5) We ensure all third-party data processors implement appropriate technical and organizational measures to protect your data.

Art. 15 (1) We may process your Personal Data within and outside the European Economic Area (EEA), specifically in Germany and Japan, in compliance with Chapter V of GDPR and applicable local regulations.

(2) We implement appropriate safeguards for international transfers through Standard Contractual Clauses (SCCs) approved by the European Commission and adequacy decisions for eligible jurisdictions.

(3) You may obtain more details of the protection given to your Personal Data when it is transferred outside the EEA by contacting us, using the information indicated in Section I above.

Section VIII Final Provisions

Art. 16 (1) If you believe your data protection rights have been violated, you may contact us, using the information indicated in Section I above to resolve the issue.

(2) You have the right to complain to us or the following supervisory authorities or other competent data protection authorities in the EEA

In Germany: The Federal Commissioner for Data Protection and Freedom of Information (BfDI - Bundesbeauftragte für den Datenschutz und die Informationsfreiheit) or your relevant State Data Protection Authority (Landesdatenschutzbeauftragte).

In Japan: The Personal Information Protection Commission (PPC - 個人情報保護委員会).

Art. 17 (1) We may update this Privacy Policy and will ensure that all users of the online store are appropriately informed.

(2) Any changes or updates to this document will take effect under one of the following conditions, whichever comes first:

  1. We will explicitly notify you, and if you accept the changes within 14 days, they will apply to you.
  2. The updated policy will be published on our website. If you do not express your rejection within 14 days, it will be considered accepted.
  3. You explicitly accept the changes by visiting our website or taking any action that shows your consent.

Art. 18 This Privacy Policy will take effect on 04.01.2025.