Privacy Policy

This policy was established and took effect on April 1, 2012.

Endor AG and Endor Japan (hereinafter called “Endor”) understands that customers entrust Endor with their Personal Information based on the trust that it will be used only for specific purposes. Endor respects the customers’ trust and places a high management priority on properly protecting such Personal Information and limiting its use to such purposes.
 
Based on the above recognition, Endor has established the following policies regarding handling of Personal Information and will continuously endeavor to handle it appropriately.
(*) This Privacy Policy is for Endor AG and Endor Japan.
Policies regarding Handling of Personal Information

Compliance 

1.Endor will comply with the applicable laws and regulations including “Act on the Protection of Personal Information,” obligations under the applicable ministerial guidelines and this Privacy Policy in handling Personal Information (information which can identify a specific individual).

Use within Specific Purpose(s) 

2.Endor will use Personal Information only within the scope necessary for the achievement of the purpose(s) of use which has been specified in advance, except for cases in which Endor has obtained in advance consent from the individual who provides his/her Personal Information (hereafter “the individual”) and for cases permitted under the related laws or regulations.

Obtaining Personal Information 

3.Endor will endeavor to clearly notify necessary information such as purpose(s) of use, names of user(s) as well as contact details and to obtain consent when asking for Personal Information. Endor may record in writing or in voice the contents of transactions and inquiries.

Personal Information of Customers Under Fifteen (15) Years Old

4.Endor will make special consideration for the handling of Personal Information of customers under fifteen (15) years old, e.g., to notify clearly in advance to ask such customer to provide Personal Information only upon guardian’s consent.

Security Control Measures

5.Endor will endeavor to maintain entrusted Personal Information to be accurate and updated to the extent necessary for the purpose(s) of its use. Endor will take necessary and appropriate security control measures in line with existing technical standards and will implement corrective actions as needed to protect entrusted Personal Information from unauthorized access, leakage, modification, loss, destruction, etc.
 

Supervision of Subcontractor(s)

 
6.Endor may subcontract the processing of entrusted Personal Information to a third party within the scope necessary for the achievement of the purpose(s) of use. Such third party will be selected after confirming sufficient level of information security, and Endor will exercise necessary and adequate supervision to the party by such means as making contracts.

Providing to Third Parties

7.Without the consent of the individual, Endor will not provide Personal Information to any third party, except for cases permitted under the related laws or regulations. Endor will not provide Personal Information to any third party, based on the “Opt-Out System” (Article 23.2 of the Act on the Protection Personal Information).

Request(s) for Review etc.

8.Endor will, based on the provisions of the related laws or regulations, properly respond to comment(s) and request(s) from the individual regarding handling of Personal Information such as to review, correct, stop receiving further product or service information from Endor, or to delete Personal Information of their own after confirming their identity. Please contact the appropriate customer center under the guidance of each company to which you have provided your Personal Information.

Continuous Improvement of Internal System 

9.Endor will continuously endeavor to improve internal compliance systems including appointing responsible officers for administration of Personal Information, updating this Privacy Policy through establishment of internal rules, education to directors, officers and employees, and appropriate internal audit to handle entrusted Personal Information properly.
 
* Endor will comply with the above Endor Policy as its own policy regarding Personal Information protection.
 
Thomas Jackermeier
Representative Corporate Executive Officer
President and CEO
Endor AG
 
Yoshihiko Sugahara
Representative Director
Endor Japan Kabushiki Gaisya
 

Microsoft 365

The Microsoft 365 services are provided by Microsoft Corporation (https://www.microsoft.com/de-de/rechtliche-hinweise/impressum) on the basis of a data processing agreement. This means that Microsoft also has access to your data to the extent necessary. The data center is located within the EU. However, due to the use of Microsoft products, it cannot be ruled out that your personal data will also be processed in third countries outside the European Union (EU). For this purpose, we have concluded a standard EU data protection contract in accordance with Art. 46 GDPR, see https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA .

In addition to the EU standard contract, further guarantees are part of the contractual level of protection.

To the extent that Microsoft processes Personal Data outside of the Data Processing Relationship in connection with Microsoft's legitimate business operations, Microsoft is its own controller for such use and as such is responsible for compliance with all applicable laws and obligations of a controller.

Further information on the type and scope of data processing by Microsoft can be found at https://privacy.microsoft.com/de-de/privacystatement and https://learn.microsoft.com/de-de/compliance/regulatory/gdpr-dsr-Office365?toc=%2Fmicrosoft-365%2Fenterprise%2Ftoc.json.

Use of Microsoft Forms

We use MS Forms to carry out surveys, evaluations and competitions. MS Forms is a Microsoft Office application from Microsoft Corporation. When using it, your answers (quantitative and qualitative) are generally processed on an anonymous basis, unless you voluntarily provide your personal data, such as contact details. Your contact data would then be used as previously declared in the survey, for example to take part in a competition. It will not be used for purposes not previously declared.

Further information on the type and scope of data processing by Microsoft can be found at https://support.microsoft.com/de-de/office/sicherheit-und-datenschutz-in-microsoft-forms-7e57f9ba-4aeb-4b1b-9e21-b75318532cd9

Storage duration:

We process and store the data until the purpose of the processing has been fulfilled, e.g. the raw data for the survey, evaluation in anonymous form is no longer required or we have successfully carried out any competition after sending/transmitting the prizes.

Legal basis for data processing:

Your data is processed on the basis of Art. 6 para. 1 lit. f and Art.6 para.1 lit. b (fulfillment of contract) GDPR, as we have a legitimate interest in maintaining and improving the customer relationship. If the survey is conducted within Endor AG, the legal basis is §26 para. 1 BDSG.