Definitions for Terms
Throughout this policy the following terms have the following meanings:
‘consent’ means any freely given, specific, informed and unambiguous indication of an individual’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
‘data controller’ means an individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data;
‘data processor’ means an individual or organisation which processes personal data on behalf of the data controller;
‘personal data’ means any information relating to an individual who can be identified, such as by a name, an identification number, location data or an online identifier. Please refer to the section below regarding what comprise “personal data” within the scope of C.C. Consulting Co., Ltd.’s services;
‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data;
‘processing’ means any operation or set of operations performed on personal data, such as collection, recording, organisation, structuring, storage (including archiving), adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
All of these definitions are italicised throughout this policy to remind the reader that they are defined terms.
What is Personal data?
Personal data means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, telephone number, postal address, e-mail address, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Our Legal Bases for Processing your Data Under GDPR
C.C. CONSULTING CO., LTD. processes personal data in relation to its own staff and candidates and is a data controller for the purposes of the Data Protection Laws.
C.C. CONSULTING CO., LTD. will only process personal data where it has a legal basis for doing so:
C.C. CONSULTING CO., LTD. requires that you give your consent to the processing of your personal data in relation to C.C. CONSULTING CO., LTD.’s services. We believe this explicit consent is essential for both C.C. CONSULTING CO., LTD. and you and ensures both parties clearly understand their rights and the intentions of all involved in the consultation process. This basis for processing is in accordance with Article 6(1)(a) of the GDPR, which states “[you] have given consent to the processing of his/her personal data for one or more specific purposes”
As the operator of the online job-board CareerCross, it is in both C.C. CONSULTING CO., LTD.’s interest and yours, as a candidate, for C.C. CONSULTING CO., LTD. to process your information in order to provide you with the most effective and efficient service. This basis for processing is in accordance with Article 6(1)(f) of the GDPR, which states "processing is necessary for the purposes of the legitimate interests pursued by [C.C. CONSULTING CO., LTD.] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data."
Whilst C.C. CONSULTING CO., LTD. does not require a formal contract to be signed by you, the candidate, we believe that there is an agreement between you and C.C. CONSULTING CO., LTD. for C.C. CONSULTING CO., LTD. to provide you with our services. This agreement is made explicit after you provide C.C. CONSULTING CO., LTD. with your personal information for the purposes of C.C. CONSULTING CO., LTD. providing you with services and after you provide your consent for C.C. CONSULTING CO., LTD. to hold and process your information. As such, in accordance with Article 6(1)(b) of the GDPR, C.C. CONSULTING CO., LTD. processes your personal information “for the performance of a contract to which the [you] are party or in order to take steps at the request of [you] prior to entering into a contract”.
Transfer of Information Internationally
C.C. CONSULTING CO., LTD.’s business is based in Tokyo Japan. Our databases are also located in Tokyo and as such, upon receipt of your personal information, it will be transferred quickly (and securely) to our systems hosted there.
In addition, CareerCross is a web site on the world wide web, where clients can access our services from anywhere in the world. As such you should be aware that your information may be downloaded by a client that is not resident in Japan.
Your Rights under GDPR
Under GDPR, the data subject has certain important rights. These include (but are not limited to) the following: