Regulation and GDPR Privacy Policy | APU Ritsumeikan Asia Pacific University
Regulations
By enrolling at Ritsumeikan Asia Pacific University (APU), you must be aware that you are a student of the university and must comply with the regulations set by the university as well as Japanese laws. You must also comply with the university’s Handling of Personal Information at Ritsumeikan Asia Pacific University policy, on the understanding that the university will strictly adhere to that policy.
Please refer to APU’s university regulations and policies, such as Handling of Personal Information at Ritsumeikan Asia Pacific University, available at the link below.
Regulations: http://en.apu.ac.jp/home/about/content233/ (link to APU's official website)
Ritsumeikan Asia Pacific University
Privacy Policy Pursuant to the EU General Data Protection Regulation (GDPR)
Ritsumeikan Asia Pacific University (hereafter “APU”) has established a privacy policy (hereafter “this Policy”) with regard to the processing of personal data concerning identified or identifiable natural persons within the European Economic Area (EEA).
This Policy complies with the content of the Basic Policy of Protection of Personal Information, Public Announcement Based on the Act on the Protection of Personal Information, Ritsumeikan Trust Personal Information Protection Regulations, and Personal Information Policy, which are based on the Japanese Act on the Protection of Personal Information and the Enforcement Order of that Act. Please refer to the source provisions and items of these documents when reading this Policy.
Act on the Protection of Personal Information
Basic Policy of Protection of Personal Information
Public Announcement Based on the Act on the Protection of Personal Information
Ritsumeikan Trust Personal Information Protection Regulations
1. Definitions
Terms in this Policy are defined as set forth below.
Term | Definition |
---|---|
Applicable laws | EU General Data Protection Regulation (GDPR), Japanese Act on the Protection of Personal Information. Reference: General Data Protection Regulation |
Data subject | An identified or identifiable natural person in the European Economic Area (EEA). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
Personal data | Any information related to a data subject whereby a specific individual may be identified. Reference: Ritsumeikan Trust Personal Information Protection Regulations, Article 2 (Definitions) |
Controller | The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. In this Policy, APU is the controller. Reference: Ritsumeikan Trust Personal Information Protection Regulations, Article 7 (Establishment of Personal Information Administrators) |
Processor | A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Reference: Ritsumeikan Trust Personal Information Protection Regulations, Article 7-6 (Personal Information Handling Administrator) |
Third party | A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data. Reference: Public Announcement Based on the Act on the Protection of Personal Information Appendix 2 (Shared Use of Personal Data) |
Consent of the data subject | Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. Reference: Basic Policy of Protection of Personal Information 3 and 4; Ritsumeikan Trust Personal Information Protection Regulations, Article 9-3 (Notification of Purpose of Use when Acquiring) |
2. Controller’s Name, Address, and Inquiries
The party responsible for this Privacy Policy is the Personal Information School Administrator prescribed in Article 7-4 of the Ritsumeikan Trust Personal Information Protection Regulations (Director-General, Ritsumeikan Asia Pacific University).
Name: Ritsumeikan Asia Pacific University
Address: 1-1 Jumonjibaru, Beppu, Oita, Japan
Inquiries: Inquiries can be lodged using the form accessible via the link below.
Request for Disclosure or Other Handling of Personal Data
Inquiries on matters other than this Privacy Policy need to be made in accordance with “5. Notification of Purpose of Use, Disclosure, Corrections, or Suspension of Use of Retained Personal Data” in the Public Announcement Based on the Act on the Protection of Personal Information.
3. Cookies
The APU website and other services provided using web-based technologies (hereafter “web-based services”) make use of “cookies,” a technology designed to enhance usability. Cookies enable information entered by a user to be stored temporarily on the device used for web browsing, to spare the user the trouble of re-entering the same information on other pages or the next time the same page is accessed. Cookies are also used to collect information on access to APU’s web-based services, including number of times accessed, pages visited, and visit duration. Where cookies are used, this is stated explicitly on the applicable web pages. Data collected via cookies is used in order to improve the services offered.
4. Access Logs
In APU’s web-based services, access logs are kept in order to manage the services and analyze their usage conditions. Access logs include domain names, IP addresses, dates/times of access, and types of browser used by persons using the services.
5. Categories of Personal Data Obtained
- (1) Individual information: Name, gender, date of birth, nationality, occupation, status of residence information, family information, information on parents/guarantors, information on bank account for remittances, passport information, native language, criminal history, relatives in Japan, etc.
- (2) Contact information: E-mail address, telephone number, fax number, postal address
- (3) Enrollment information: Current affiliation, course status, grades, information on language proficiency, etc.
- (4) Financial information: Tuition payment status, scholarship-related information, etc.
- (5) Academic history / personal history
- (6) Health status (illnesses and disabilities, history of consultations for infectious disease, vaccination history, health concerns, etc.)
- (7) Cookies, IP addresses
Reference: Ritsumeikan Trust Personal Information Protection Regulations, Article 2 (Definitions)
6. Sources of Personal Data
APU obtains personal data from the following sources.
- (1) Direct obtainment from the data subject (for example: personal data entered in an application form)
- (2) Indirect obtainment from the data subject (for example: IP addresses obtained from visitors to the APU website)
- (3) Information in the public domain (information available online)
- (4) Documents provided by third parties
7. Purposes of Processing
APU processes personal data for the following purposes only.
- (1) Students’ personal data
  Operations related to student services at APU
- (2) Parents’/guarantors’ personal data
  - (i) Tuition and fee payment notifications
  - (ii) Administration of parents’ association and related notifications
  - (iii) Donations
- (3) Alumni personal data
  - (i) Operations related to certification of graduation, grades, enrollment, etc.
  - (ii) Publicity
  - (iii) Donations
  - (iv) Operations related to collaboration with alumni
- (4) Faculty/staff personal data
  - (i) Personnel information
  - (ii) Payment of honoraria, salaries, bonuses, etc.
  - (iii) Welfare and benefits procedures
  - (iv) Procedures related to social insurance, taxation, etc.
  - (v) Communication and provision to labor unions, health insurance cooperatives, associated companies, assignee companies, etc.
  - (vi) Procedures on termination of employment
  - (vii) Emergency communications
  - (viii) Lodgments and reporting to public authorities
  - (ix) Other essential operational procedures, communications, etc.
- (5) Personal data of visitors to the APU website
  - (i) Ascertainment of usage status of the APU website
  - (ii) Improvement of the APU website
Reference:
Ritsumeikan Trust Personal Information Protection Regulations, Article 7-8 (Specifying a Purpose of Use)
Public Announcement Based on the Act on the Protection of Personal Information, 2. Purpose of Use
8. Provision and Sharing of Personal Data
APU may share personal data with the following third parties for the purposes set forth in 7. Purposes of Processing above.
- (i) Parents’ association, alumni association, mutual aid association, faculty/staff union
- (ii) Attorneys-at-law, tax accountants, certified public accountants, and other professionals
- (iii) Financial institutions
- (iv) Current, former, and future faculty/staff members
- (v) National and local government authorities, regulatory authorities, courts of law, etc.
- (vi) Subcontractors
In addition to the above, personal data may be provided to police and judicial authorities in the event of a court order in accordance with the laws of Japan.
Reference:
Ritsumeikan Trust Personal Information Protection Regulations, Article 10 (Restricted Third Party Provision)
Ritsumeikan Trust Personal Information Protection Regulations, Article 11-2 (Restriction on Provision to a Third Party in a Foreign Country)
Ritsumeikan Trust Personal Information Protection Regulations, Article 11-3 (Keeping Records of Third-Party Provision)
Public Announcement Based on the Act on the Protection of Personal Information, 3. Provision of Personal Data to a Third Party, 4. Sharing Personal Data
9. Handling in Accordance with Consent and Rights of the Data Subject
By expressing their intention to consent to this Privacy Policy, the data subject consents to the processing of personal information by The Ritsumeikan Trust. The Ritsumeikan Trust shall handle the data subject’s personal information in accordance with said consent.
The data subject has the rights set forth below. Moreover, the data subject may withdraw consent at any time, even after having given consent to the matters previously set out by APU. Consent can be withdrawn by lodging a request in the same manner as for rights held, via the form stated under “2. Controller’s Name, Address, and Inquiries.” The data subject also has the right to lodge complaints with their local protection authority with competence over the handling of personal information.
- (1) Right to information
  When collecting personal data from the data subject, the controller must provide essential information regarding the obtainment of data.
- (2) Right to access
  The controller must provide a copy of personal data upon demand by the data subject.
- (3) Right to rectification
  The data subject may demand that the controller rectify personal data.
- (4) Right to erasure
  The data subject may demand that the controller erase personal data.
- (5) Right to restriction
  The data subject may demand that the controller restrict processing of personal data.
- (6) Right to data portability
  The data subject may demand to receive personal data concerning him or her in a structured, commonly used and machine-readable format.
- (7) Right to object
  The data subject may make an objection to the controller with regard to the processing of his or her personal data by the controller or a third party.
- (8) Rights related to automated individual decision making
  The data subject may demand that the controller not subject him or her to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her. (Example: online recruitment activities with no human intervention)
Reference:
Ritsumeikan Trust Personal Information Protection Regulations, Article 14 (Disclosure)
Public Announcement Based on the Act on the Protection of Personal Information, 5. Notification of Purpose of Use, Disclosure, Corrections, or Suspension of Use of Retained Personal Data
10. Security Measures
As the controller, APU has instituted sufficient technical and organizational security measures with regard to the protection of personal data. In the event that the data subject has concerns with regard to specific data transfer methods and the like, APU shall institute sufficient alternative measures.
Reference: Ritsumeikan Trust Personal Information Protection Regulations, Article 9-4 (Proper Control of Personal Data)
11. Cross-border Data Transfer
APU may transfer personal data to Japan, pursuant to a decision of adequacy regarding cross-border data transfer obtained by Japan.
12. Personal Data Storage Period
Personal data shall be stored for the period necessary to achieve the purposes of the collection of said data, in accordance with the Order for Enforcement of the School Education Act established by the Cabinet of the Government of Japan, the School Education Act Enforcement Regulations issued by the Ministry of Education, Culture, Sports, Science and Technology, and the documentation regulations established by The Ritsumeikan Trust pursuant to those laws and regulations.
Reference: Ritsumeikan Trust Personal Information Protection Regulations, Article 9-4 (Proper Control of Personal Data)
13. General Provisions
APU may vary this Policy in accordance with laws and regulations or APU’s own policies. However, APU shall not use the data subject’s personal data under any new method without obtaining his or her consent.
Policy on the handling of personal information at the time of registration for APU fairs and webinars
Personal information obtained at webinars, university information sessions, fairs and other events is handled in accordance with The Ritsumeikan Trust’s Basic Policy of Protection of Personal Information, and (for individuals located in the EEA) the Privacy Policy Pursuant to the EU General Data Protection Regulation (GDPR).
APU may periodically send messages to the email address you register at this event, providing information on other admissions-related events, application deadlines and the like. Please be assured that if you do not wish to receive such messages, you can simply click the “unsubscribe” link in the messages you are sent.
*You are deemed to have consented to the policies above when you participate in the event. Please check the links provided carefully before registering and participating in the event.
*If you wish to lodge a request for information pursuant to the EU General Data Protection Regulation (GDPR), please click here.