Effective Date: 20 November 2025
Version: 1.0

1. Introduction

At Hanamaru Consulting GK (“we”, “us”, “our”), we respect your privacy and are committed to protecting your personal data. This Policy explains how we collect, use, disclose, transfer, and store personal information, in compliance with the GDPR (EU) and the APPI (Japan).

This Policy applies to all individuals whose personal data we process: clients, prospects, website visitors, business contacts, and others (“you” or “your”).

2. Data Controller

Name: Hanamaru Consulting GK
Address: 8F/9F 2nd Okabe building, 3-27-25, Hakata Ekimae, Fukuoka
Representative: Patryk Czemarnik
Contact: office@hanamaru.consulting
If you are in the EU, our representative for EU-data-protection matters is: BGLAM sp. z o.o.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identity data (e.g., name, title, company name)
  • Contact data (e.g., email address, telephone number, business address)
  • Transactional data (e.g., details of services you engage with us)
  • Usage data (e.g., how you use our website or communications)
  • Marketing and communication data (e.g., your preferences in receiving marketing from us)
  • Any additional data you provide in correspondence or via forms (e.g., in consultation requests)

4. Purposes and Legal Basis for Processing

We process your personal data for the following purposes, and under the following legal bases:

  • Purpose: To deliver our consulting, market-entry, marketing and brand-services to you.
    Legal basis: Performance of contract and/or legitimate interests (you are a business contact) under GDPR; and under APPI, necessary for business operations in accordance with your understanding.
  • Purpose: To manage our relationship with you (including billing, support, and customer service).
    Legal basis: Performance of contract and legitimate interests.
  • Purpose: To send you marketing materials (where you have consented or have a business-relationship and do not object).
    Legal basis: Consent and/or legitimate interests.
  • Purpose: To improve our services, website, and operations, including analytics.
    Legal basis: Legitimate interests.
  • Purpose: Where required to comply with legal obligations (e.g., record-keeping under employment or tax laws).
    Legal basis: Legal obligation.

5. Disclosure and Transfers of Personal Data

We may disclose your personal data to third parties in the following circumstances:

  • To our service providers, agents or subcontractors, who assist with our business operations (marketing, IT, accounting, legal).
  • To professional advisors (legal, auditing) as required for our business.
  • Where required by law, regulation or court order.
  • In connection with a sale, merger or re-organization of our business: you will receive information in advance with opportunity to object.

If we transfer personal data to a country outside Japan or the European Economic Area (EEA), we ensure appropriate safeguards are in place. Under the APPI, transfer to a foreign country requires your consent unless the foreign system has “equivalent standards”. Under GDPR, we comply with Articles 44–49 (e.g., adequacy decision, model contract clauses).

6. Retention of Personal Data

We will retain your personal data only for as long as necessary to fulfil the purposes set out in this Policy, or for as long as required by law. The criteria for determining retention periods include: legal obligations, business requirements, and whether the data is still required for the original purpose.

7. Your Rights

Under the GDPR and APPI you have certain rights in respect of your personal data:

  • The right to access the data we hold about you and receive a copy.
  • The right to correct or update inaccurate data.
  • The right to request erasure or restriction of processing, where applicable.
  • The right to object to processing (in certain cases) and to withdraw your consent at any time (without affecting prior processing).
  • The right to data portability (where applicable).
  • The right to lodge a complaint with a supervisory authority (in the EU: relevant data protection authority; in Japan: the Personal Information Protection Commission).

If you wish to exercise any of these rights, please contact us at office@hanamaru.consulting. We will respond to your request within the timeframe required by law.

8. Cookies and Tracking Technologies

We use cookies, web-beacons, and similar technologies to collect usage data. This may include IP addresses, device identifiers, geolocation data, and details of your browsing on our website.
Where required under Japanese law (for “person-related information”) or EU law, we will obtain consent for use of cookies that are not strictly necessary.
You may set your browser to reject cookies or delete cookies at any time. Please note that this may impact the functionality of our website.

9. Security Measures

We take appropriate technical and organisational measures to ensure the security of your personal data, to protect against unauthorised or unlawful processing, loss, destruction or damage. Under the APPI, business operators handling personal information must take “necessary and appropriate measures” for management of personal data.
We review our security practices periodically and train our personnel on confidentiality and data-protection obligations.

10. Minors

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from minors. If we become aware that we have collected such data without parental/guardian consent, we will take steps to delete it.

11. Changes to this Policy

We may update this Policy from time to time. We will post the updated version on our website and indicate the “Effective Date.” If we make material changes we may provide you with additional notice.

12. Contact and Complaints

If you have any questions about this Policy or how we handle your personal data, please contact us at:
Email: office@hanamaru.consulting
Address: 8F/9F 2nd Okabe building, 3-27-25, Hakata Ekimae, Fukuoka
Representative: Patryk Czemarnik

If you are in the EU and wish to complain, you may file a complaint with the relevant supervisory authority (for example, in Poland: the Office for Personal Data Protection). In Japan, you may contact the Personal Information Protection Commission.

13. Additional Japan-Specific Requirements

Under the APPI, we publicly announce the “Purpose of Use” of personal information in a readily accessible manner prior to collection.
We must also ensure that when providing personal data to a third party we provide prior notice to data subjects, and if outsourcing overseas, obtain consent or ensure equivalent safeguards.

14. Additional EU-Specific Requirements

Under the GDPR, when collecting personal data from you we must provide you with specific information (identity of controller, purpose, recipients, retention period, rights) at or before the time of collection (Article 13).
We must process personal data lawfully, fairly and transparently; ensure data minimisation, accuracy, storage limitation, integrity and confidentiality (Principles – Article 5).

Thank you for trusting Hanamaru Consulting GK with your data. We are committed to protecting your privacy and building relationships based on trust and transparency.