Techpapa Technology Pvt. Ltd

TechPAPA promises the remarkable boost in your business ROI and revenue with its meticulous web solutions.

202, Second Floor, C 6, Sector 7, Noida, Uttar Pradesh 201301


C/O Nahid Jags Sonali Garden Suite 27 18 Sutton Street London Uk E1 OAG


95 Crestridge Drive, Suite 600 Suwanee, GA 30024

info@techpapa.in 315-565-2774

Reach Us:



Sector 132, Noida, UP 201304

+91 7838700506

+91 9643404753



Personal Information Protection Principles

techPAPA Inc. (hereinafter referred to as the “Company”) regards balancing the utilization and protection of personal information as a building block for realizing the Company’s mission of “Good Innovation.” The evolution of communication technology is drastically changing the Company’s field of business and there are increasingly more areas of business dealing with such personal information.

The Company declares its commitment to managing and protecting personal information through “Personal Information Protection Principles” in compliance with Japan’s “Act on the Protection of Personal Information,” “Guidelines Pertaining to the Act on the Protection of Personal Information” and “The General Data Protection Regulation (EU) 2016/679; GDPR.”

1. Handling of Personal Information

  1. Purpose of Use
    The Company shall obtain personal information in a fair and appropriate manner for the purposes defined within the range described in Table 1. Should there be any kind of personal information outside the list of “Types of Personal Information” in Table 1, such information will be put to use after the purpose of each use is made known or publicized and upon consent of the relevant individual(s).
  2. Outsourcing Management
    The Company will outsource part of its operations pertaining to personal information to its supplier companies as described in “Status of Outsourcing” and “Scope of Outsourcing” in Tables 1 and 2. The Company regards management of supplier companies as top priority, selecting only those supplier companies who meet or exceed the Company’s standard of personal information protection and specifying their responsibilities in written contracts before awarding them projects. The Company also demands of its supplier companies appropriate handling of personal information and will continue to supervise and evaluate them to safeguard operations.
  3. Provision to Third Party
    The Company shall not, in principle, disclose and/or provide personal information to any third parties. If any such disclosure and/or provision of personal information should be conducted, it is to be done appropriately and in compliance with the relevant laws.
  4. Shared Usage
    The Company will share personal information on occasions such as seminars conducted jointly with an affiliate company(s) of the Company and/or with other company(s) in a business relationship with the Company. On such an occasion, the Company shall inform and/or publicize the purpose of its use, the kind of personal information to be used, with whom the personal information would be shared, and the person in charge prior to the event. The Company shall also make sure that all participating companies take the strictest of security measures.
  5. Disclosure and Inquiries
    Any request or inquiry as to where and how to retrieve or to be advised of personal information which the Company has directly obtained, such as that included in Table 1, can be addressed to the contact person to whom the relevant personal information was originally given or to the Corporate Communications Department of the Corporate Communications Division of the Company. Information will then be provided as to the specific procedure of the request form and the required fee. Upon a formal request, the requester will be asked to present personal identification or proof of representation of the relevant individual. The Company does not currently participate in an authorized personal information protection organization.

2. Compliance with the Law

The Company shall strictly abide by any and all applicable laws and regulations, contracts and other policies pertaining to protection of personal information.

3. Security Measures

The Company shall implement security measures to manage and prevent leakage and other mishandling of personal information by specific actions including maintaining and improving its internal information management system, educating and inspiring its employees, controlling access to office spaces, IT security measures and so forth. Also, personal information that is no longer to be retained shall be destroyed or deleted in a secure and appropriate manner.

4. Continuous Improvements

The Company shall continuously evaluate and improve its personal information management system, including this set of principles, to reflect any changes in the demands of its clients and other business partners as well as those of the social environment and thus maintain its standard of excellence in handling and protecting personal information.

Table 1: Personal Information to Be Obtained Directly by the Company

Type of Personal
Purpose of Use Method of
Status of
Scope of Outsourcing
Personal Information of Clients Invitation and/or communication of the services including proposals, special offers, seminars, questionnaires, etc. Obtain directly from individual (via business card, email, etc.) Yes Delivery of invitation letters, operation of events and seminars
Delivery of publications, newspapers, seasonal greetings, etc. Yes Delivery of publications, newspapers and goods
Communication and analysis of results of various verification tests (including those conducted by the consortium) Yes Secretariat work, research and analysis
Personal Information of Business Partners Invitation and/or communication of the services including proposals, special offers and seminars directed to outsourced companies, etc. Obtain directly from individual No
Delivery of publications, newspapers, seasonal greetings, etc. Yes Delivery of publications, newspapers and goods
Visitors at the Company’s Offices Notification of arrival of the visitor to the person visited and gatekeeping at office entrances Obtain directly from individual Yes Reception and related services
Personal Information of Talent/Celebrity Obtained via Third Party or in Other Ways Negotiation, production and management re: talent/celebrity appearance in a broadcast program, TV commercial, event, seminar, etc. Obtain directly from individual, or from his/her agent No
Personal Information of Job Applicants for the Company Operation and communication of job posting, recruitment and screening. Survey for the purpose of future recruitment activities. Personnel database after enrollment. Obtain directly from individual Yes Operations of recruitment activities including screening, scheduling, communication and execution/tabulation of survey
Personal Information of Shareholders Execution of the Company’s rights and responsibilities in accordance with the Japanese Companies Act, provision of various benefits by the Company, activities for betterment of relationship between shareholders and the Company, management of shareholders for creating shareholder statistics as regulated and standardized by the relevant laws and regulations Via Japan Securities Depository Center or obtained directly from individual Yes Preparation of list of shareholders, notification of dividends, shareholders meetings and other share-related administrative operations and procedures
Personal Information of People Who Make Inquiries to the Company Handling of inquiries, requests, complaints, etc. Obtain directly from individual (via telephone, email, fax, letter, etc.) No
Personal Information of Employees of techPAPA Group Companies Organization of business operations and business development activities (details announced separately internally) Obtain directly from individual or via each Group company Yes Application differs case by case (announced separately internally)
Personal Information Obtained via Third Party General survey, consumer awareness & behavior research, operation of personalized data management (information based on personal attributes and behaviors) Obtain via documentation and/or electronic data Yes Research, analysis, list management, database server management, opt-in mail delivery, etc.

Table 2: Personal Information to Be Obtained for Commissioned Work

Type of Personal
Scope of Commissioned Work
(Purpose of Use)
Status of
Scope of Outsourcing
Personal Information Entrusted by Clients for Execution of Commissioned Work Execution of commissioned work which includes sweepstakes, consumer promotions, events, membership offerings, delivery of brochures upon request and handling of inquiries, general surveys, consumer awareness and behavior research, personalized data management (information based on personal attributes and behaviors), etc. Yes Implementation of sweepstakes, delivery of prizes and goods, research, analysis, list management, promotion office management, delivery of direct mails, database server management, opt-in mail delivery, etc.

5. Handling of Anonymized Processing Information

The Company shall stipulate the handling of “anonymously processed information” as set forth in the Act on the Protection of Personal Information, as follows:.

  1. Compliance with Related Laws
    The Company will properly handle the anonymously processed information in compliance with the Personal Information Protection Law, other laws and regulations, the Personal Information Protection Law Guidelines, and other guidelines.
  2. Items of Personal Information Included in Anonymously Processed Information Prepared by the Company.
    The Company has not prepared anonymously processed information at the time of the formulation of “Personal Information Protection Principles”.
  3. Security Control Measures
    In the future, when the Company prepares the anonymously processed information, it will take necessary and appropriate safety control measures to prevent leakage, loss, or damage in accordance with the standards set forth in the Rules of the Personal Information Protection Commission.
  4. Provision to Third Parties
    The Company has not provided the anonymously processed information to any third party at the time of the formulation of “Personal Information Protection Principles”. In the future, when the Company provides the anonymously processed information to a third party, in accordance with the Rules of the Personal Information Protection Commission, the items of personal information contained in the anonymously processed information provided to a third party and the method of provision thereof shall be publicized in advance, and the fact that the information pertaining to said provision is anonymously processed information shall be clearly indicated to said third party.
  5. Prohibition of Identifying Acts
    When handling anonymously processed information, the Company shall neither (i) acquire the descriptions or individual identification codes deleted from personal information, or information relating to a processing method carried out in the process of producing the anonymously processed information, nor (ii) collate such anonymously processed information with other information in order to identify a principal who could be identified based on the anonymously processed information.

6. Handling of EU Resident Data

The Company shall stipulate the handling of information that identifies, or could be used to identify, residents in the European Union (hereinafter referred to as “EU resident data”) including Iceland, Liechtenstein and Norway (hereinafter referred to as “EU”) based on the European Union Member States and the European Economic Area Agreement. Each natural person who is a subject of the EU resident data shall be referred to as an “EU resident data subject”, as follows. The provisions of 2: “Compliance with the Law,” 3: “Security Measures” and 4: “Continuous Improvements” apply to the handling of data of an EU resident.

  1. As “Data Controller”
    • (1) Obtaining consent
      In the event that we handle EU resident data as a “Data Controller” in GDPR, the Company shall clearly indicate to the EU resident data subject the purpose of handling the EU resident data as well as other GDPR matters to be notified, and shall obtain the express consent of the EU resident data subject to the use thereof, unless there is a legal basis for handling such data without consent of the subject. Explanations when obtaining consent shall be stated in a clear and plain language and will be clearly distinguishable from other matters in a form that is easy to understand and easily accessible.
    • (2) Record of consent
      The Company shall retain records to enable consent to the handling of EU resident data obtained from EU resident data subjects, to be presented upon request for proof of their consent.
    • (3) Requests from EU resident data subject
      With respect to the data of EU residents handled by the Company, the Company shall respond in accordance with the provisions of the GDPR when a data subject exercises its rights under GDPR.
  2. As “Data Processor”
    If the Company handles the EU resident data as a “Data Processor” in GDPR, the Company shall appropriately handle the relevant EU resident data in accordance with the instructions of Data Controller of the relevant EU resident data.
  3. Contact information
    For requests and inquiries regarding the exercise of rights recognized as a data subject in GDPR, please contact the following address with respect to the EU resident data handled by the Company as a Data Controller in GDPR.
    In responding to your request, the Company will confirm that you are the principal or the representative of the principal.

    • Data Protection Officer and contact information:
      techPAPA Inc., C-6, Sec-7, Noida, 201301