top of page

Privacy Policy 
Updated: September 20, 2025

​

​

Article 1 (General)

1. Anna Skrypka Studio (hereinafter referred to as “the Company”, “we”, “our” or “us” ) is committed to protecting the privacy of users of our website. Before using our website ANNASKRYPKA.COM, please read this Privacy Policy carefully in its entirely.

​

Applicable Privacy Laws

General Data Protection Regulations (GDPR), the UK Data Protection Act, and the Act on the Protection of Personal Information of Japan.

 

GDPR

General Data Protection Regulations (EU General Data Protection Regulation).

​

EU

The European Union, including the Member States of theEuropean Union and Iceland, Liechtenstein, and Norway, which are included in the European Economic Area (EEA) under theEEA Agreement.

 

Controller

A natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. In this Privacy Policy, it refers to our Company.

​

Personal Data

Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person

 

Data Subject

An identified or identifiable natural person whose Personal Data are processed by a Controller 

 

Processor

A natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Controller.


Recipient

A natural or legal person, public authority, agency, or another body, whether a Third Party or not, to which Personal Data are disclosed. However, public authorities which may receive Personal Data in the framework of a particular inquiry under EU law or Member State law shall not be regarded as Recipients; the Processing of those data by those public authorities shall be in compliance with applicable data protection rules according to the purposes of the Processing.

​

Third Party

A natural or legal person, public authority, agency, or body other than the Data Subject, Controller, Processor, and persons who, under the direct authority of the Controller or Processor, are authorized to process Personal Data.

​

Restriction of Processing

The marking of stored Personal Data with the aim of limiting their Processing in the future.

​

Processing

Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

​

Profiling

Any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

​

Consent of the Data Subject

Any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her.

​

2. Name and Address of the Controller

Name: Anna Skrypka
Address: Shinagawa-ku, Tokyo, Japan
E-mail: anna.skrypka@gmail.com
Website: www.***.com

​

3. Name and Address of the Data Protection Officer (DPO)

Name: Anna Skrypka
Address: Shinagawa-ku, Tokyo, Japan
E-mail: anna.skrypka@gmail.com
 

4. Name and Address of the Lead Supervisory Authority

Personal Information Protection Commission
Address: Kasumigaseki Common Gate West Tower 32nd Floor, 3-2-1, Kasumigaseki, Chiyoda-ku, Tokyo, 100-0013, Japan
Telephone: +81-3-6457-9680
Website: https://www.ppc.go.jp/en/index.html

 

5. Cookies

Our website uses cookies. Cookies are text files that are stored on a computer system via an Internet browser. Many internet sites and servers use cookies. A cookie consists of a string of characters that enables the assignment of internet pages and servers to the specific internet browser in which the cookie is stored. This allows the internet sites and servers visited to distinguish the individual browser of the Data Subject from other internet browsers that contain other cookies. A particular internet browser can be recognized and identified by means of a unique cookie ID.

By using cookies, we can provide users of this website with more user-friendly services that would not be possible without the placement of cookies. The information and advertisements on our website can also be optimized with the user in mind through the use of cookies. The purpose of this is to make the use of our website easier for users. For example, a user who accepts cookies does not need to re-enter access data each time he or she visits the website, because this is stored in the cookies placed on the user’s computer system.

The Data Subject may, at any time, prevent the setting of cookies through our website by means of an appropriate setting of the internet browser used, and may thus permanently deny the setting of cookies. Already-set cookies may also be deleted at any time via an internet browser or other software programs. This is possible in all commonly used internet browsers. However, if the Data Subject deactivates the setting of cookies in the internet browser used, not all functions of our website may be fully usable.

​

Types of Cookies

(1) Classification by duration

  1. Session Cookies:
    Cookies that are erased when the user closes the browser.

  2. Persistent Cookies:
    Cookies that remain stored on the user’s computer/device for a predefined period.

(2) Classification by source (attribution)

  1. First party Cookies:
    Cookies set by the web server of the visited site and which share the same domain.

  2. Third Party Cookies:
    Cookies stored by a domain other than the domain of the visited page. These may be set, for example, when a web page references files (such as JavaScript) hosted outside its own domain.

6. Purposes of Processing Personal Data

(1) Purposes of Processing

We conduct Processing of Personal Data only for the following purposes:

A. Personal Data of customers and business partners

  1. Provision of services such as installation, maintenance, inspection, and repair of products handled in our business;

  2. Planning, research, development, testing, and demonstration of products handled in our business;

  3. Access control to our facilities;

  4. Management of business partner information, payment Processing, and receipt Processing;

  5. Necessary communications for business operations, including business negotiations and contract execution;

  6. Responding to various inquiries.

B. Personal Data of job applicants

  1. Providing and communicating recruitment-related information to job applicants;

  2. Administration and management of recruitment activities.

C. Personal Data of employees, etc.

  1. Human resources and labor management;

  2. Payment of compensation, salaries, and bonuses;

  3. Procedures related to social insurance and taxation;

  4. Communication and provision of information to labor unions, health insurance associations, corporate pension funds, affiliated companies, and seconded companies;

  5. Procedures at the time of retirement;

  6. Emergency contact and other necessary communications;

  7. Submissions and reports to governmental and public authorities;

  8. Notifications, reports, and communications to customers and business partners in connection with duties assigned to the employee;

  9. Other procedures and communications necessary for business operations.

(2) Sources of Personal Data

We obtain Personal Data for the purposes described in (1) above from the following sources:

  1. Directly from the Data Subject (e.g., Personal Data entered on application forms);

  2. Indirectly from the Data Subject (e.g., IP addresses obtained when browsing our website);

  3. Publicly available information (e.g., information published on the internet);

  4. Social media (e.g., Twitter, LinkedIn, Facebook);

  5. Reports or documentation provided by third parties.

(3) Types of Personal Data Collected

  1. Personal identification and attribute information;

  2. Purchase history relating to Personal Data processed by our company;

  3. Information on products and services provided;

  4. Financial information;

  5. Educational background;

  6. Employment-related information.

(4) Provision and Sharing of Personal Data

We may share Personal Data with the following Third Parties when necessary for the purposes described in (1) above. In such cases, we will comply with all Applicable Privacy Laws:

  1. Our group companies;

  2. Professional advisors such as attorneys, tax accountants, and certified public accountants;

  3. Financial institutions;

  4. Current, former, or future employees;

  5. Service providers and suppliers.

 

7. Legal Basis for Processing Personal Data

The legal basis for Processing is as follows:

  1. Where the Data Subject has given consent to the Processing of his or her Personal Data for one or more specific purposes. If the Processing is based on the Consent of the Data Subject, the Data Subject has the right to withdraw such consent at any time.

  2. Where the Processing is necessary for the performance of a contract to which the Data Subject is a party, or in order to take steps at the request of the Data Subject prior to entering into a contract.

  3. Where the Processing is necessary for compliance with a legal obligation to which the Controller is subject.

  4. Where the Processing is necessary in order to protect the vital interests of the Data Subject or of another natural person.

  5. Where the Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

  6. Where the Processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a Third Party, except where such interests are overridden by the fundamental rights and freedoms of the Data Subject, in particular where the Data Subject is a child.
    Examples where legitimate interests serve as the legal basis under (6) above include:

    • Marketing (direct marketing) to customers;

    • Customer service to customers;

    • Handling job applications submitted to the company.

 

8. Rights of the Data Subject

Under applicable privacy laws, including the GDPR, Data Subjects have the following rights. The Data Subject may contact the Data Protection Officer (DPO) appointed by our company at any time in order to exercise these rights.

  1. Right to Information
    Where Personal Data relating to a Data Subject are collected, the Controller must provide certain information to the Data Subject at the time when the Personal Data are obtained.

  2. Right of Access
    The Controller must provide the Data Subject, upon request, with access to the Personal Data that are being processed and a copy thereof.

  3. Right to Rectification
    The Data Subject may request the Controller to rectify inaccurate Personal Data concerning him or her.

  4. Right to Erasure (“Right to be Forgotten”)
    The Data Subject has the right to obtain from the Controller the erasure of Personal Data concerning him or her without undue delay in certain cases.

  5. Right to Restriction of Processing
    The Data Subject has the right, in certain cases, to obtain the Restriction of Processing by the Controller.

  6. Right to Notification Regarding Rectification, Erasure, or Restriction of Processing
    In the cases referred to in (3) through (5) above, the Controller must notify Recipients to whom the Personal Data have been disclosed of such Processing, and must also inform the Data Subject of those Recipients if so requested.

  7. Right to Data Portability
    The Data Subject has the right to receive the Personal Data concerning him or her, which he or she has provided to a Controller, in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another Controller without hindrance from the Controller to which the Personal Data have been provided.

  8. Right to Object
    The Data Subject has the right to object to the Processing of Personal Data concerning him or her which is based on the necessity for the purposes of the legitimate interests pursued by the Controller or by a Third Party.

  9. Right Not to Be Subject to Automated Decision-Making, Including Profiling
    The Data Subject has the right not to be subject to a decision based solely on automated Processing, including Profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
    Our company does not carry out automated decision-making, including Profiling, in relation to Personal Data of Data Subjects.

 

9. Security Measures

As a Controller, we implement appropriate technical and organizational security measures to ensure the protection of Personal Data. If a Data Subject has concerns regarding a specific method of data transfer or other Processing method, we will implement adequate alternative measures.

 

10. Cross-Border Transfers of Personal Data

We may transfer the Personal Data of Data Subjects from establishments (such as branches, liaison offices, and local subsidiaries) located within the EU/EEA to business locations in Japan or to other overseas offices of our corporate group. The Personal Data transferred may include the Personal Data of customers as well as employees of our establishments located within the EU/EEA.

Transfers of Personal Data to Japan are made on the basis of the adequacy decision granted to Japan, or on the basis of Standard Contractual Clauses (SCCs) already concluded by our company.

Transfers of Personal Data to third countries other than Japan or EU/EEA Member States (excluding those countries or regions for which an adequacy decision has been granted) are carried out by concluding Standard Contractual Clauses.

For information on the adequacy decision granted to Japan, please refer to the website of the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection_en).

For information on how to obtain a copy of the Standard Contractual Clauses concluded by our company, please contact our Data Protection Officer (DPO).

 

11. Retention Period of Personal Data

The retention period for Personal Data is the statutory retention period prescribed by the laws of each EU Member State and Japan. Personal Data will be securely deleted without delay after the statutory retention period expires, unless retention is necessary in connection with the purpose of a contract or other Processing activity.

 

12. General Provisions

This Privacy Policy was last revised on 21 October 2025. We may amend this Privacy Policy based on applicable laws or in accordance with our internal policies. However, we will not use Personal Data of Data Subjects in any manner that is new or inconsistent with the original purposes of Processing without obtaining their prior consent.

​

​

​

bottom of page