Site Policy

GDPR Privacy Policy

SBS Holdings, Inc. (hereinafter referred to as "the Company") and SBS Group companies (including the Company, collectively referred to as "SBS Group"*1) emphasise the privacy of personal information of customers, business partners, directors and employees of SBS Group, and other related parties (hereinafter referred to as "customers") and strive to protect this privacy in accordance with applicable laws and regulations governing the protection of personal information. This GDPR Privacy Policy (hereinafter referred to as the "Privacy Policy") shall apply only to the processing of personal data subject to EU General Data Protection Regulation (GDPR), and explains how SBS Group collects personal data of customers, the types of personal data collected, their uses, their shares, and their rights as data subject parties. Use of our website ( is subject to this Privacy Policy, so please read this Privacy Policy thoroughly to the end prior to using our website.

※1 Please refer to this for SBS Group companies covered by this Privacy Policy.


1.1 The definitions of terms in this Privacy Policy are as follows: The following definitions have the same meaning regardless of singular or plural.

Applicable privacy laws EU General Data Protection Regulation, the United Kingdom Data Protection Act (Data Protection Law), and the Act on the Protection of Personal Information of Japan
GDPR EU General Data Protection Regulations
EU The European Union (European Union), including Iceland, Liechtenstein and Norway, under the European Union Member States and the European Economic Area (EEA) Agreement.
Controller A natural person, corporation, public authority, agency, or other body which, alone or jointly with others, determines the purpose and means of processing of personal data. In this Privacy Policy the Company mean.
Personal data This refers to information related to an identified natural person or an identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject A natural person identified or identifiable whose personal data is processed by the controllers who process it
Processor Any natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller
Recipient Means any natural or legal person, public authority, agency or other body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with EU law or the national law of a Member State shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with applicable data protection rules according to the purposes of the processing.
Third party Any natural or legal person or entity, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data
Restrictions of processing Marking of stored personal data with the aim of limiting their processing in the future
Processing Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
Profiling Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements
Consent of data subject Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her

2.Name and Address of Manager

Name of Manager: SBS Holdings, Inc.
Address: Sumitomo Fudosan Shinjuku Grand Tower 25F, 8-17-1 Nishi-Shinjuku, Shinjuku-ku, Tokyo
Our website:


3.1 Our website uses Cookies. Cookies are text files that are stored on your computer system through an Internet browser. Many websites and servers use Cookies. Cookies consist of a string that allows you to assign a website and server to a specific Internet browser in which it is stored. This allows browsed websites and servers to identify individual browsers that are data-intensive from other Internet browsers, including other Cookies. A unique Cookie ID can be used to recognise and identify a particular internet browser. By using Cookies, the Company can provide users of websites (hereinafter referred to as "users") with user-friendly services that are not possible without setting Cookies.

3.2 By using Cookies, the information and ads on our website can be optimised with the user in mind. This purpose is to make our website easier for users to use. For example, website users who use Cookies do not need to enter access data every time they visit a website. This is because Cookies are stored on the user's computer system through the website. Data subject can prevent Cookies from being set through our website at any time, depending on the corresponding settings of the Internet browsers used, and can permanently negate settings of Cookies. In addition, Cookies that are already configured can be removed at any time through an Internet browser or other software program. This can be done with all popular Internet browsers. If data subject disable settings of Cookies for their Internet browsers, not all features of our website are fully available.

3.3 Types of Cookies SBS Group uses
SBS Group may use Cookies such as the following:
(1)Classification by duration
①Session Cookies: Cookies that are erased when the user closes the browser ②Persistent Cookies: Cookies that remain on the user's computer/device for a predefined period of time (2)Classification by attribution
①First-party Cookies: Cookies that are configured by Web servers and share the same domain ②Third-party Cookies: Cookies stored by a domain other than the domain of the page you visited. Third-party cookies occur when a Web page refers to a file-such as a JavaScript that is outside that domain.

3.4 SBS Group uses Google Analytics provided by Google. SBS Group may collect and analyse user's browsing history based on Cookies set by SBS Group or Google and use them for grasping user's usage and for servicing SBS Group. For details on how Google handles data in Google Analytics, please visit the company website.
"Google use of data collected from sites and apps that use Google services":

4.Purposes of processing of personal data

4.1 Purpose of processing
SBS Group processes personal data for the following purposes:

i) Personal information on customers and business partners ①Performance of the consigned services relating to the business of SBS Group ②Various communications, business negotiations, conclusion of contracts, etc. necessary for business ③Planning, research, development and testing of new services and products in SBS Group's businesses; analysis and research of marketing data; statistical processing; and consideration of marketing measures ④Management of entry and exit to the facilities of SBS Group ⑤Business Partner Information Management, Payment and Revenue Processing ⑥Analysis of the Group's business operations and the improvement and improvement of the content of its services and products ⑦Response to various inquiries
ii) Personal information of applicants for employment ①Provision and communication of recruitment information, etc. to applicants ②Our recruitment management
iii) Personal information concerning employees, retirees, etc. ①Human resource management ②Payment of remuneration, salary, bonus, etc. ③Procedures such as social insurance and tax ④Communication and provision to labor unions, health insurance unions, corporate pension funds, affiliated companies, and companies to which they are seconded ⑤Procedures for Retirement ⑥Communication in case of emergency ⑦Notification and Reporting to Public Offices ⑧Notification, reporting, and communication to customers and business partners in charge ⑨Other procedures and communications necessary for business

4.2 Source of personal data
SBS Group will retrieve personal data from the following sources for the purpose of processing in 4.1 above.
①Acquisition directly from data subject (e.g. personal data on application form, etc.) ②Obtain indirectly from data subject (e.g., IP addresses obtained when viewing our website, etc.) ③Public information (information on the Internet) ④Social media (e.g. Twitter, LinkedIn, Facebook) ⑤Investigation Report Provided by Third Party

4.3 Type of personal data to be acquired
①Personal information ②Contract details regarding the products and services provided by the Company, personal usage history, and purchase history ③Contents of inquiries and corresponding history ④Financial Information ⑤Educational and occupational career ⑥Employee details

4.4 Provision and sharing of personal data
SBS Group may need to share personal data with the following third parties for the purpose of processing in 4.1 above. If this is necessary, SBS Group will comply with applicable privacy laws.

  • Other of SBS Group companies
  • Professional experts such as lawyers, tax accountants, and certified public accountants
  • Financial institutions
  • Current, past, and future employees
  • Service providers and suppliers

5.Legal basis for the processing

5.1 The legal basis for the processing is as follows:
①The data subject has given consent to the processing of its personal data for one or more specific purposes.
※If the process is subject to the consent of the data subject in ① above, the data subject has the right to withdraw this consent.
②Processing is necessary to fulfill a contract to which the data subject is a party, or to fulfill a procedure in response to a request from a data subject prior to the conclusion of a contract. ③When processing is required to comply with legal obligations to be followed by the Manager. ④When processing is required to protect the material interests of data subject or other natural persons. ⑤Where processing is necessary in the performance of work performed in the public interest or in the exercise of public authority conferred on the Controller. ⑥When processing is required for the legitimate interests pursued by SBS Group or third parties. However, unless the basic rights and freedoms of data subject, especially those seeking the protection of personal data where children are data subject, take precedence over such interests.
※If the legitimate profit in subsection ⑥ is the legal basis for processing, the following cases can be cited.

  • Marketing to customers (direct marketing)
  • Customer Service to Customers
  • Application for recruitment to SBS Group

6.Rights of data subject

6.1 In applicable privacy-related laws, including GDPR, data subject have the following rights:
(1)Information rights
Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with certain information.
(2)Right of access
The controller shall provide a copy of any request from the data subject for access to the personal data undergoing processing.
(3)Right to rectification
The data subject shall have the right to obtain from the controller the rectification of inaccurate personal data concerning him or her.
(4)Right to erasure (right to be forgotten)
In certain cases, data subject have the right to promptly obtain from the controller to erasure of personal data concerning him or her.
(5)Right to restriction of processing
In certain cases, data subject have the right to obtain from the controller restriction of processing.
(6)Right to receive notice of rectification, erasure, and restriction of processing of personal data
The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with (3) to (5) above to each recipient to whom the personal data have been disclosed. The controller shall inform the data subject about those recipients if the data subject requests it.
(7)Right to data portability
Data subject have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
(8)Right to object
The data subject has the right to object to the processing of its personal data on the basis of the need for processing for the purpose of legitimate interests pursued by the controller or a third party.
(9)Right not to be subjected to automated processing, including profiling
The data subject have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning hin or her or similarly significantly affects him or her. Note that SBS Group does not perform any automated processing, including profiling, of the personal data of data subject.

6.2 In addition to the rights mentioned in 6.1 above, data subject have the right to file complaints with the supervisory authority at any time regarding the processing of personal data by SBS Group. Nevertheless, the Company would be grateful if you could give us the opportunity to respond to complaints before you approach the supervisory authority. Please contact us in advance.

7.Security Control Measures

7.1 As an controller, SBS Group takes sufficient technical and organizational security control measures for the protection of personal data.

7.2 If data subject are concerned about specific data transfer methods, etc., SBS Group will take sufficient alternative measures.

8.Transboundary data transfer

8.1 SBS Group may transfer the personal data of data subject from offices (branches, representative offices, local subsidiaries, etc.) located in countries/regions in EU region to sales offices in Japan or to overseas offices of our other group companies. The personal data of the data subject to transfer includes the personal data of the customer and the personal data of the employees of the business office in EU area.

8.2 The transfer of personal data to Japan is based on the recognition of sufficiency with respect to cross-border data transfers obtained by Japan or the Standard Contractual Clauses already entered into by SBS Group.

8.3 The transfer of personal data to a third country other than Japan and EU (excluding countries and regions that have obtained an adequacy decision) shall be transferred by the method of concluding the Standard Contractual Clauses.

8.4 For details of the adequacy decision of Japan, please refer to the website of the European Commission (

9.Retention period of personal data

9.1 The retention period of personal data is the statutory retention period of the respective EU Member States and of Japan. After the expiration of the statutory retention period, personal data will be promptly and safely deleted unless required in connection with contractual and other processing purposes.

10.General Provisions

10.1 This Privacy Policy was last revised on October 0, 2022. SBS Group may change this Privacy Policy in accordance with laws and regulations, or depending on SBS Group policy. However, SBS Group will not use the personal data in a new way without consent of data subject.

To Top