top of page
MTC-logo-horizontal-A2-black.png
  • LinkedIn

GDPR Privacy Policy

GDPR Privacy Policy of Moro Technology Corporation

Date of Establishment: September 5, 2022
Last Update: June 17, 2025

A) Purpose of this policy, etc.

1. Purpose of this privacy policy

This privacy policy aims to give you information on how Moro Technology Corporation (the "Company", "we", "us" or "our") processes (including, but not limited to, collection, use, and storage) the personal data of an identified or identifiable natural person in the European Economic Area (“EEA”). Such a person is referred to as a “Data Subject” and their personal data as “Personal Data.” We act as a data controller and, where applicable, a data processor.

Consistent with our corporate mission as a global technology services provider, we respect the right to privacy and comply with all applicable data protection laws and regulations, including the EU General Data Protection Regulation 2016/679 (“GDPR”).

2. Contact details

If you have any questions about this GDPR Privacy Policy, please contact our Personal Information Inquiry Desk:

By Mail: Moro Technology Corporation, Attn: Personal Information Inquiry Desk, JP Tower Nagoya 21F, 1-1-1 Meieki, Nakamura-ku, Nagoya-shi, Aichi, 450-6321, Japan

By Email: connect@morotechnology.co.jp

3. Third-party links

This website may include links to third-party websites. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the privacy policy of every website you visit when you leave ours.

B) Personal Data we collect about Data Subjects

Personal Data means any information relating to a Data Subject. It does not include anonymous data where the individual is not identifiable. We may process the following categories of Personal Data:

  • For Identification: First name, last name, username or similar identifier, title, date of birth, and gender.

  • For Contact: Billing address, delivery address, email address, and telephone numbers.

  • For Marketing and Communications: Your preferences for receiving marketing from us and your communication preferences.

  • For Confirmation of Personal History: Skills, qualifications, job history, and other information necessary to assess suitability for a role during recruitment.

  • For Internal Control: Names, titles, contact details, and job descriptions necessary for internal management, financial consolidation, and audits.

C) How is Personal Data collected?

We collect Personal Data in the following ways:

  • Direct collection: You may give us your Personal Data by filling in forms on our website or by corresponding with us by post, email, or otherwise. This includes when you request information on our services, apply for a job, or give us feedback.

  • Indirect collection: We may receive Personal Data about you from our subsidiaries in the EEA, business partners, or publicly available sources.

D) How we use Personal Data

1. Legal grounds for lawful processing of Personal Data

We will only use your Personal Data when the law allows us to. Under GDPR, we rely on the following legal grounds:

  • Consent: Where you have given us clear consent to process your Personal Data for a specific purpose.

  • Performance of Contract: Where processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.

  • Legal Obligation: Where processing is necessary for us to comply with the law.

  • Legitimate Interests: Where processing is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests.

2. Purposes for which we will use your Personal Data
We have set out below the ways we plan to use your Personal Data and which of the legal grounds we rely on to do so.

Purposes for using Personal Data

Types of Personal Data

Legal grounds for lawful processing

1. To respond to inquiries submitted through our contact form.

(a) For Identification 
(b) For Contact

(a) Legitimate Interests (to respond to inquiries) 
(b) Consent

2. To provide our global technology services and fulfill contractual obligations.

(a) For Identification
(b) For Contact

(a) Performance of Contract

3. To send information about our services, seminars, or events.

(a) For Identification
(b) For Contact
(c) For Marketing and Communications

(a) Legitimate Interests (to grow our business)
(b) Consent

4. To administer and protect our business and this website (including troubleshooting, data analysis, and system security).

(a) For Identification
(b) For Contact

(a) Legitimate Interests (for running our business, provision of IT services, and network security)
(b) Legal Obligation

5. For recruitment activities and related communications.

(a) For Identification
(b) For Contact
(c) For Confirmation of Personal History

(a) Legitimate Interests (to assess candidate suitability)
(b) Consent

6. For management of employees, business partners, internal control, and financial reporting.

(a) For Identification
(b) For Contact
(c) For Internal Control

(a) Performance of Contract
(b) Legitimate Interests (for effective business management)
(c) Legal Obligation

E) Disclosure of Personal Data

We may share your Personal Data with the parties set out below for the purposes described in the table above:

  • Internal Third Parties: Our subsidiaries in the EEA and our shareholders, Toyota Tsusho Systems Corporation and MORO GLOBAL BV.

  • External Third Parties: Professional advisers such as lawyers, bankers, auditors, and insurers; and service providers who provide IT, system administration, and HR services.

  • Regulators and other authorities who require reporting of processing activities in certain circumstances.

F) Transfer of Personal Data from the EEA to Non-EEA

Your Personal Data will be transferred to and stored in Japan, which is outside the EEA. We ensure a similar degree of protection is afforded to it by relying on the following:

  • We transfer Personal Data to Japan, a country that has been deemed to provide an adequate level of protection for Personal Data by the European Commission.

  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe (Standard Contractual Clauses).

G) Data security

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used, or accessed in an unauthorized way. We limit access to your Personal Data to those employees, agents, and contractors who have a business need to know and are subject to a duty of confidentiality.

H) Retention period of Personal Data

We will only retain your Personal Data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

I) Legal rights of Data Subjects

Under certain circumstances, you have rights under GDPR in relation to your Personal Data:

  • Request access to your Personal Data.

  • Request correction of your Personal Data.

  • Request erasure of your Personal Data.

  • Object to processing of your Personal Data.

  • Request restriction of processing your Personal Data.

  • Request the transfer of your Personal Data.

  • Right to withdraw consent at any time.

You also have the right to make a complaint to a data protection supervisory authority. However, we would appreciate the chance to deal with your concerns first.

J) Updates to this policy

This policy may be updated from time to time. You can find the latest version on our website.

bottom of page