Privacy Policy

Controller Information

The controller and operator of this website is:

Personal Data We Collect

We collect the following categories of personal data through this website:

Data submitted via the contact form

• Company name
• Full name
• E-mail address
• Phone number
• Industry
• Enquiry contents (requirements, volume, timeline, etc.)

Automatically collected data

• IP address
• Browser type and version
• Access timestamp
• Referring URL

This information is automatically logged by our hosting provider (Netlify, Inc.) for technical and security purposes.

Purposes of Processing

We use personal data for the following purposes only:

1. Responding to enquiries and communications
2. Preparing and sending quotations and proposals
3. Contract performance, delivery, invoicing and related administration
4. Compliance with applicable legal obligations (tax, accounting)
5. Internal service-quality analysis (aggregated, non-identifying form)
6. Security and prevention of website abuse

We do not use personal data for any purpose beyond those listed above. If purposes change, we will update this Policy accordingly and notify affected users where required.

Legal Basis (under GDPR)

As FINEPACK SE is established in the Czech Republic (EU), the processing of your personal data is also governed by the EU General Data Protection Regulation (GDPR). The legal bases are:

• Performance of a contract (Art. 6(1)(b) GDPR) — preparing quotations, concluding and performing contracts
• Compliance with legal obligations (Art. 6(1)(c) GDPR) — retention obligations under Czech tax and accounting law
• Legitimate interests (Art. 6(1)(f) GDPR) — responding to enquiries, maintaining website security
• Consent (Art. 6(1)(a) GDPR) — consent given at the time of form submission

Third-Party Recipients and Processors

We do not sell or disclose your personal data to third parties except as described below.

Processors (service providers)

We engage the following processors to the extent necessary for our operations. We have entered into Data Processing Agreements (DPAs) and, where applicable, Standard Contractual Clauses (SCCs) with each of them.

Access within the FINEPACK group

Personal data received from Japanese enquirers is accessed only by authorised staff at FINEPACK SE (Czech Republic, EU). Our group entities outside the EU (United States, United Kingdom, France, Germany, Sweden) do not have access to Japanese enquiry data.

Disclosure required by law

If disclosure is mandated by a court order, tax authority, or other competent legal authority, we may disclose personal data to the extent strictly necessary.

Cross-Border Data Transfers

Your personal data will be transferred outside Japan. The main destinations are:

Transfer to the EU (Czech Republic)

As FINEPACK SE is based in the Czech Republic, all enquiries received from Japan are processed at our EU headquarters.

Transfer to the USA (via processors)

As noted above, we use cloud services from US-based processors (Netlify, Microsoft, Google). We have concluded EU Standard Contractual Clauses (SCCs) and DPAs with each such processor, providing GDPR- and APPI-compliant safeguards for data transferred to the United States.

Retention Periods

We retain personal data for the following periods:

• Enquiries that did not result in a contract — 3 years from last contact
• Customer data after contract conclusion — 10 years after contract termination (mandatory Czech tax-law retention)
• Server logs (IP addresses etc.) — up to 6 months

After expiry of the applicable retention period, personal data is deleted or anonymised without undue delay.

Security Measures

We have implemented appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration or destruction.

Organisational measures

• Designated person responsible for personal data handling
• Training of staff with access to personal data
• Access restricted to staff based in the EU

Technical measures

• SSL/TLS encryption (HTTPS) for all transmissions
• Encryption of data at rest
• User authentication and password policies
• Regular backups and documented incident response procedures

Physical measures

• Access control to offices and server facilities
• Theft- and loss-prevention measures for work equipment

Your Rights

You have the following rights in respect of your personal data:

• Right of access — obtain confirmation and a copy of data we hold about you
• Right to rectification — correct or complete inaccurate data
• Right to erasure — request deletion of your data
• Right to restrict processing — request limitation of processing
• Right to object — object to processing based on legitimate interests
• Right to data portability (under GDPR) — receive your data in a structured, commonly used format
• Right to withdraw consent — for processing based on consent, withdraw it at any time

To exercise any of these rights, or if you have questions or complaints about our handling of personal data, please contact us using the details below.

Supervisory Authorities

If you are dissatisfied with our handling of your personal data, you may lodge a complaint with a supervisory authority:

Japan

Personal Information Protection Commission (PPC)
Address: Kasumigaseki Common Gate West Tower 32F, 3-2-1 Kasumigaseki, Chiyoda-ku, Tokyo 100-0013
Website: https://www.ppc.go.jp/en/

EU (Czech Republic)

Office for Personal Data Protection (Úřad pro ochranu osobních údajů)
Address: Pplk. Sochora 27, 170 00 Praha 7, Czech Republic
Website: https://www.uoou.gov.cz/en

Changes to This Policy

We may update this Privacy Policy from time to time to reflect legislative changes, changes to our operations, or improvements to data protection. Updates take effect from the date they are published on this page. Material changes will be announced on our website's home page.