Privacy Policy Regarding GDPR

1.Privacy Statement of Our Company

The protection of customers' personal information is of utmost importance to BYEBYEBUY LTD(hereinafter referred to as "our company")and its affiliated companies located in the European Economic Area (hereinafter referred to as "EEA")(collectively referred to as the "BYEBYEBUY LTD").This Personal Information Protection Policy (hereinafter referred to as the "Policy")explain show the BYEBYEBUY LTD,as a data controller,will collect and process the personal information you submit or disclose to the BYEBYEBUY LTD.We also process personal information received or obtained from third parties as a controller.We will handle such personal information in accordance with applicable EU and member state data protection laws,particularly the General Data Protection Regulation (GDPR)2016/679(hereinafter referred to as "GDPR").

This Policy,along with the BYEBYEBUY LTD's Privacy Policy,specifically reflects the principles of the EU General Data Protection Regulation.

We kindly ask customers to acknowledge this Policy.If you do not wish for us to use your personal information in accordance with this Privacy Policy,please do not provide us with your personal information.However,please note that in such cases,we may not be able to provide our services,you may not be able to access and/or use certain features of this website,and it may affect customer satisfaction.

2. Use of Your Personal Information 

Our company always processes your personal information based on any legal grounds defined in the GDPR(Articles 6 and 7 of the GDPR).Additionally,our company always processes sensitive information,such as trade union membership,religious views,and health status,in accordance with the special criteria defined in the GDPR(Articles 9 and 10 of the GDPR).

Our company may collect and process your personal information for the following detailed purposes to pursue legitimate interests and provide you with appropriate services and products:

·Ensuring the most effective display of our website content for our customers.

·Notifying customers of changes to our services.

·Managing your account.

·Providing products and services to customers.

·Informing customers of our policies and terms.

·Enhancing security by monitoring fraudulent activities,investigating suspicious or potentially illegal activities,or investigating violations of our policies and regulations.

·Providing,improving,and creating products,services,and advertisements.

·Using personal information for data analysis,research,audits,etc.

·Ensuring business continuity.

Furthermore,with your explicit prior consent,we may collect and process your personal information for the following purposes:

·Providing customers with information that may be of interest to them.

·Allowing customers to participate in interactive features of our services (if they choose to do so).

·Managing your newsletter subscriptions.

·Combining customers' personal information with third-party (partner companies)data,which may provide customers with information about their products and services.

·Conducting business analysis.

You may withdraw your consent at any time.However,the legality of processing personal information prior to withdrawal is not affected by the withdrawal of consent.

Our company will not process your data for purposes other than those identified,explicit,and legitimate,nor will we process the data in a manner incompatible with these purposes.Whenever we intend to process data collected for one purpose for another purpose,we will notify you.To comply with legal obligations,provide appropriate services,and maintain our business activities,we will retain customers' personal information for as long as we deem necessary(Articles 5 and25(2)of the GDPR).

3. Types of Personal Information to Be Used

For the purposes specified in this Policy,our company may collect the following categories of personal information:

·Name

·Job title

·Home address

·Identification numbers (customer ID,etc.)

·Location data

·Email address (for personal or business use)

·Telephone number (for personal or business use)

·Employer

·Online identifiers(IP address,cookie identifiers)

·Credit card/bank account information●Records of customer call details

·Video surveillance (CCTV footage)

·Employee performance evaluation records

·Recruitment information(resume,certificates,marital status,date of birth,references,etc.)

If you decide to provide personal information to our company(e.g.,by filling out a form displayedon the website)or through your electronic communication terminal or internet browser,our company will obtain your personal information directly or indirectly.Our company ensures thatthe personal information processed is adequate,relevant,and limited to what is necessary for the processing purposes.

4. Sharing Personal Information

In accordance with the GDPR,our company may share your personal information with group companies and third parties.When sharing customer data with data processors,we will establish an appropriate legal framework covering data transfer and processing(Articles 26,28,and 29 of the GDPR).Additionally,when sharing your data with organizations outside the EEA,we will establish an appropriate legal framework covering data transfer and processing,particularly using the Standard Contractual Clauses approved by the European Commission for transfers between controllers (2004/915/EC) and between controllers and processors (2010/87/EU) (Articles 44 or less of the GDPR).

Strategic Partners

With the customer's prior consent,the customer's personal information may be transferred to strategic partners who collaborate with our company to provide our products and services or support marketing to customers.These partners may further store and process the data.We only share your personal information with strategic partners when it is necessary to provide or improve our products,services,and advertisements.

Service Providers

We share your personal information with companies that provide services to our company,including hosting,maintenance,support services,email services,marketing,auditing,customer order processing,payment processing,data analysis,customer service products,customer surveys,and satisfaction surveys.

Affiliated Companies and Business Mergers

Our company may share your personal information with all affiliated companies.In the event of a business merger,corporate restructuring,civil rehabilitation,acquisition,joint venture,transfer,spin-off,sale,or disposal (including cases related to bankruptcy proceedings or similar procedures),we may transfer any personal information to the relevant third parties.

Regulatory Compliance and Security

Occasionally,our company may need to disclose your personal information in response to legal requirements,legal proceedings,litigation,and/or requests from public and governmental authorities in your country or abroad.Furthermore,we may disclose your personal information if we determine that such disclosure is necessary or appropriate for national security,law enforcement,or other issues of public importance.

Additionally,to protect our rights,seek available remedies,enforce our terms of use,investigate fraud,or protect our business and users,we may disclose your personal information if we determine in good faith that such disclosure is reasonable and necessary.

Data Transfers

The above disclosures include the transfer of your personal information from the EU to the following countries:Japan and the United States (these countries may change due to changes in the business environment).

Such transfers may be for employee evaluations,payroll processing,expense payments,and communication with business partners.For each transfer,we ensure an adequate level of protection for the transferred data.In particular,this is implemented through the conclusion of Standard Contractual Clauses as defined by European Commission Decisions 2001/497/EC2002/16/EC,2004/915/EC,and 2010/87/EU.

5. Records of Data Processing

As a data controller or processor,our company will maintain records of all personal information processing activities in compliance with the obligations set forth in the GDPR(Article 30).We comply with the GDPR and ensure that all information required for cooperation with supervisory authorities under the GDPR (Article 31)is reflected in these records.

6. Security Measures

Our company processes your personal information in a manner that ensures appropriate security,including protection against unauthorized or unlawful processing,accidental loss,destruction,or damage.To achieve this level of protection,we will implement appropriate technical and organizational measures(Articles 25(1)and 32 of the GDPR).

Unless a longer retention period is required or permitted by law,we will retain customers' personal information only for the period necessary to achieve the purposes outlined in this Policy.

7. Reporting Data Breaches to Supervisory Authorities

To address accidental or unlawful destruction,loss,alteration,unauthorized disclosure,or access to personal data resulting from security breaches,our company has established mechanisms and policies to promptly detect and assess the impact of such breaches.Based onthe assessment results,we will notify the supervisory authorities if necessary (Articles 33 and34 of the GDPR).

8. Processing That May Pose a High Risk to Your Rights and Freedoms

Our company has established mechanisms and guidelines to detect data processing activities that may pose a high risk to customers' rights and freedoms(Article 35 of the GDPR).If such processing activities are detected,an internal assessment will be conducted to determine whether to cease the activity,ensure compliance with the GDPR,or implement appropriate technical and organizational safeguards to continue the activity.

In cases of doubt,our company will consult the Data Protection Officer for advice and recommendations(Article 36 of the GDPR).

9. Your Rights

You have the following rights regarding the personal data collected and processed by our company:

·Information on Data Processing:You may obtain all necessary information about our data processing activities related to you(Articles 13 and 14 of the GDPR).

·Access to Personal Information:You may verify whether we have processed personal information related to you and,if so,access the personal information and related details(Article 15 of the GDPR).

·Rectification or Erasure of Personal Information:You may request the correction of inaccurate personal information related to you without undue delay and supplement incomplete personal information (Article 16 of the GDPR).Additionally,under the conditions specified in the GDPR,you may request the erasure of personal information related to you without undue delay(Article 17 of the GDPR).

·Restriction of Processing:Under the conditions specified in the GDPR,you may request therestriction of processing of your personal information(Article 18 of the GDPR).

·Objection to Processing:Under the conditions specified in the GDPR,you may object to the processing of your personal information at any time based on your particular situation (Article21 of the GDPR).

·Data Portability:Under the conditions specified in the GDPR,you may receive your personal information in a structured,commonly used,and machine-readable format and transmit it to another controller without hindrance (Article 20 of the GDPR).

·Protection Against Automated Decision-Making:Under the conditions specified in the GDPR,you have the right not to be subject to a decision based solely on automated processing (including profiling)that produces legal effects concerning you or similarly significantly affects you(Article 22 of the GDPR).

If you wish to exercise the above rights,please refer to the Contact section.

If you are dissatisfied with our response or have any complaints about how we handle your personal information,you may file a complaint with the data protection supervisory authority.

10. Children

Our company does not knowingly collect or process information about children under the age of 16 without your permission and consent.If we discover that we have collected and processed the personal information of a child under 16 or a child below the minimum age specified by similar laws in EU member states,we will take steps to delete such information assoon as possible.If you find that a child under 16 has provided us with personal information,please contact us immediately using the contact details provided in this Policy.

11. Links to Other Websites

Our company may provide hyperlinks to third-party websites or internet resources on the website where this Policy is published.We do not control or assume responsibility for the handling or content of third-party personal data protection practices.Please carefully review the third party's personal data protection policy and confirm how they collect and process your personal data.

12. Updates to the Policy

Our company may revise or update this Policy from time to time.Updates to this Policy will take effect upon the publication of the revised version.If we make changes that we consider significant,we will notify you through the website where possible and,in some cases,request your consent.

If you have any questions or requests regarding this Policy,please contact us at [email protected].