PicoCELA Global Privacy Policy

                                    

Last Updated: February 19, 2026

1. Purpose

PicoCELA Inc. ("PicoCELA") is committed to protecting the privacy of Personal Data of its Workers, Customers, business partners, and other individuals. PicoCELA recognizes the importance of safeguarding personal information and complies with applicable privacy laws and regulations, including the Act on the Protection of Personal Information of Japan (APPI), the EU General Data Protection Regulation (GDPR), and relevant US state privacy laws such as the California Consumer Privacy Act (CCPA/CPRA).

PicoCELA has implemented a global privacy program to establish and maintain high standards for creating, collecting, using, disclosing, storing, securing, accessing, transferring, or otherwise processing Personal Data. This Global Privacy Policy is the foundation of that program and describes the approach taken by PicoCELA when processing Personal Data worldwide.

                  

2. Scope

All PicoCELA employees, contractors, vendors, consultants, temporary agency workers, and other agents of any PicoCELA Group Company ("PicoCELA Workers") must comply with this Policy. This includes all personnel affiliated with third parties who may have access to any PicoCELA network or resource.

This Global Privacy Policy (the "Policy") applies globally to Personal Data that PicoCELA processes, whether by electronic or non-electronic means (e.g., paper or analog form). This includes personal information collected in connection with our business activities, service provision, marketing, and customer support regarding customers, users, website visitors, and business partners.

                  

3. Policy Statements

3.1 Adequate Safeguards for Processing of Personal Data

This Global Privacy Policy is intended to provide adequate safeguards for the processing of Personal Data entrusted to PicoCELA and transferred from countries requiring such protections. This helps enable PicoCELA to transfer Personal Data wherever it is needed globally to support its internal business processes or promote services and product functionality and improvement.

PicoCELA may transfer personal data to countries outside the EEA/UK (including Japan and the United States). When doing so, PicoCELA implements appropriate safeguards, such as Standard Contractual Clauses (SCCs) or equivalent mechanisms recognized under the GDPR.

3.2 Compliance with Applicable Law

PicoCELA shall comply with applicable Personal Data Protection and Privacy Laws and requirements worldwide. Where applicable Personal Data Protection and Privacy Laws require a higher standard of protection for Personal Data than presented in this Global Privacy Policy, the requirements of the applicable law shall prevail. Conversely, where applicable laws establish a lower standard, the requirements of this Global Privacy Policy shall prevail.

Where PicoCELA Workers have reason to believe that applicable law prevents PicoCELA from fulfilling its obligations under this Global Privacy Policy, they shall promptly inform the relevant legal or privacy department.

3.3 Privacy Principles

PicoCELA establishes the following privacy principles for collecting, using, disclosing, storing, securing, accessing, transferring, or otherwise processing Personal Data.

Fairness

PicoCELA shall process Personal Data in a fair, lawful, legitimate, and transparent manner. For individuals located in the EEA, the UK, and Switzerland, PicoCELA processes personal data under one or more of the following legal bases:

  • Performance of a contract;
  • Consent (e.g., marketing cookies, newsletter subscription);
  • Legitimate interests (e.g., service improvement, security measures);
  • Compliance with legal obligations; or
  • Protection of vital interests or public interest.

Purpose Limitation

PicoCELA shall only create or collect Personal Data for specific, explicit, and legitimate purpose(s). The categories of information we collect include:

  • Name, company name, department, title;
  • Email address, phone number, postal address;
  • Access logs, IP address, device identifiers, cookie data; and
  • Inquiry details, event/seminar registration information, and survey responses.

We use this information for the following purposes:

  • Service Provision & Contract Fulfillment: Providing products and services, preparing quotations/contracts/invoices, and operational notifications.
  • Marketing Communications: Sending service information, event/campaign announcements, and promotions.
  • Service Improvement & Product Development: Developing new features and creating statistical data.
  • Legal Compliance & Security: Preventing unauthorized access, maintaining audit logs, and responding to legal obligations.

Proportionality

PicoCELA shall only process Personal Data that is adequate, relevant, and not excessive for the purpose(s) for which it is processed.

Data Integrity

PicoCELA shall keep Personal Data accurate, complete, and up to date as is reasonably necessary for the purpose(s) for which it is processed.

Data Retention and Disposal

PicoCELA shall keep Personal Data in a form that is personally identifiable for no longer than necessary to accomplish the purpose(s) for which it was obtained, or where required by law. Thereafter, it shall be destroyed, deleted, anonymized, or removed from our systems.

Data Security

PicoCELA shall implement appropriate and reasonable physical, technical, and organizational measures to safeguard Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, use, or access. Measures include encryption using SSL/TLS, access control, monitoring/logging, and vendor oversight.

Use of Cookies and Similar Technologies

PicoCELA uses "Strictly Necessary Cookies" for basic site functionality, "Analytics Cookies" (e.g., Google Analytics 4) for performance improvement, and "Marketing Cookies". We do not activate analytics or marketing cookies without valid consent where required by law (e.g., GDPR regions).

Individual Rights

PicoCELA shall process Personal Data in a manner that respects individuals' rights under applicable Personal Data Protection and Privacy Laws.

  • GDPR/EEA/UK Rights: Right of access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, objection, and withdrawal of consent.
  • US State Privacy Rights (CCPA/CPRA, etc.): Right to know/access, delete, correct inaccuracies, opt-out of sale or sharing, and non-discrimination. Note: PicoCELA does not sell or share personal information as defined under the CCPA/CPRA.

Accountability

PicoCELA shall implement appropriate governance, policies, processes, and controls to demonstrate that its processing of Personal Data is in accordance with this Global Privacy Policy and applicable laws.

3.4 Availability of this Policy

PicoCELA will make this Policy available to data subjects by publishing it on a public-facing PicoCELA website.

3.5 Updates to this Policy

PicoCELA may periodically review and revise its privacy practices and this Global Privacy Policy. If significant changes are made, PicoCELA will take reasonable steps to inform affected parties, such as posting appropriate notices on the website.

3.6 Cooperating with Supervisory Authorities and Contact Information

PicoCELA will respond promptly and appropriately to requests from supervisory authorities regarding this Global Privacy Policy and privacy laws.

For privacy inquiries, requests regarding personal information, or to exercise your rights, please contact:

                  

4. Policy Compliance

PicoCELA is committed to ensuring that this Global Privacy Policy is observed by all PicoCELA Workers.

4.1 Compliance Management

PicoCELA maintains a privacy program responsible for monitoring and ensuring compliance with applicable privacy and data protection laws and this Policy.

4.2 Compliance Measurement

Compliance with this Global Privacy Policy is verified by various means, including internal and external audits and self-assessments. PicoCELA will monitor its compliance with this Policy on an ongoing basis.

4.3 Compliance Exceptions

Any exception to this Global Privacy Policy requires the written approval of the PicoCELA privacy officer or legal department.

4.4 Non-Compliance

Deviations or non-compliance with this Policy may result in disciplinary actions, including termination, civil action, and referral for criminal prosecution as allowed by local laws.

                  

5. Related Policies

  • Other relevant internal regulations
                  

6. Supporting Documents

  • Standard Contractual Clauses (SCCs)
  • Terms of Use
                  

7. Definitions

  • Personal Data:Any information relating to an identified or identifiable natural person ("data subject").
  • Personal Data Processing:Any operation performed on Personal Data, including creating, collecting, recording, storing, using, disclosing, analyzing, or deleting.
  • Business Personal Data:Personal Data processed by PicoCELA in a business context that is not HR/People Data.
  • PicoCELA Worker:Includes employees, contractors, and contingent workers.
  • Third-Party Processors:Parties that process data on behalf of PicoCELA using infrastructure or systems outside of PicoCELA's direct control. PicoCELA requires contractors to be bound by confidentiality obligations and appropriate data protection agreements.