Privacy Policy - HLW CNC machining

Last Updated: [2025、12、21]

This Privacy Policy (the “Policy”) explains how HLW (hereinafter referred to as “we”, “us”, or “our”) collects, uses, stores, discloses, and protects the personal information of users (hereinafter referred to as “you” or “user”) who access and use our website (the “Website”). We are committed to complying with applicable data protection laws, including the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

By accessing or using the Website, you acknowledge that you have read, understood, and agreed to the terms of this Policy. If you do not agree with any part of this Policy, please do not access or use the Website.

1. Definitions

“Personal Information” means any information relating to an identified or identifiable natural person. Under GDPR, this includes but is not limited to names, email addresses, phone numbers, postal addresses, IP addresses, and payment details. Under CCPA/CPRA, it also includes information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

“Sensitive Personal Information” means personal information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic data, biometric data for the purpose of uniquely identifying a natural person; data concerning health or data concerning a natural person’s sex life or sexual orientation (under GDPR); and for CCPA/CPRA, it includes social security numbers, driver’s license numbers, account passwords, precise geolocation data, and certain health or biometric information.

“Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (under GDPR).

“Data Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller (under GDPR).

2. Collection of Personal Information

2.1 Types of Personal Information Collected

We may collect the following categories of Personal Information from you:

Information You Provide Voluntarily: This includes information you submit when subscribing to our newsletter, contacting our customer support, or participating in surveys or promotions. Examples include your name, email address, phone number, postal address, and any other information you choose to provide.

Information Collected Automatically: When you access and use the Website, we may automatically collect certain information about your device and usage. This may include your IP address, browser type and version, operating system, device identifiers, access times, pages viewed, links clicked, and other usage data. We use cookies and similar tracking technologies to collect this information (see Section 6 for more details).
Information from Third Parties: We may receive Personal Information about you from third-party sources, such as payment processors, shipping providers, social media platforms (if you choose to link your social media account to our Website), and other business partners. We will only use such information if you have provided your consent to the third party to share it with us, or if the third party is legally permitted to disclose it to us.

2.2 Legal Basis for Collection (GDPR)

Under GDPR, we process your Personal Information only if we have a valid legal basis to do so. The legal bases we rely on include:

Consent: When you voluntarily provide your Personal Information for a specific purpose (e.g., subscribing to our newsletter), we process your information based on your explicit consent. You have the right to withdraw your consent at any time (see Section 5.7).

Compliance with a Legal Obligation: When we are required by law to process your Personal Information (e.g., retaining records as required by applicable regulations).

Legitimate Interests: When processing is necessary for our legitimate business interests, provided that such interests do not outweigh your fundamental rights and freedoms. Examples include improving our Website and services, preventing fraud, and conducting market research.

3. Use of Personal Information

We use the Personal Information we collect for the following purposes:

To provide, maintain, and improve the Website and our services.

To communicate with you, including sending subscription confirmations, customer support responses, and updates about our services or blog content.

To communicate with you, including sending order confirmations, shipping notifications, customer support responses, and updates about our services.
To send you marketing communications, such as newsletters, promotions, and special offers, where you have consented to receive such communications.
To personalize your experience on the Website, such as displaying content and offers tailored to your interests.
To monitor and analyze usage trends and preferences to improve the Website and our services.
To detect, prevent, and address fraud, security breaches, and other illegal activities.
To comply with applicable laws, regulations, and legal obligations.

We will not use your Personal Information for purposes other than those stated in this Policy without first obtaining your consent, unless such use is permitted by law.

4. Disclosure of Personal Information

We may disclose your Personal Information to the following categories of third parties:

Service Providers: We engage third-party service providers to perform services on our behalf, such as hosting, data analysis, marketing, and customer support. These service providers are authorized to process your Personal Information only to the extent necessary to perform their services for us, and they are obligated to protect your Personal Information and comply with applicable data protection laws.

Business Partners: We may share your Personal Information with our business partners for joint marketing or promotional purposes, provided that you have consented to such sharing.
Legal Authorities: We may disclose your Personal Information to law enforcement agencies, regulatory authorities, or other third parties if required to do so by law, or if we believe in good faith that such disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate or prevent fraud.
Business Transfers: In the event of a merger, acquisition, sale of assets, or other business transfer, your Personal Information may be transferred to the acquiring or successor entity. We will notify you in advance of any such transfer and ensure that the acquiring entity complies with the terms of this Policy.

We will not sell your Personal Information to third parties for commercial purposes, except as permitted by CCPA/CPRA and with your explicit consent.

5. Your Rights as a Data Subject

Under applicable data protection laws (including GDPR and CCPA/CPRA), you have the following rights with respect to your Personal Information. We will respond to all valid requests in a timely manner, in accordance with applicable law.

5.1 Right of Access (GDPR and CCPA/CPRA)

You have the right to request confirmation of whether we are processing your Personal Information, and if so, to access a copy of your Personal Information. You also have the right to request additional information about our processing activities, such as the purposes of processing, the categories of Personal Information processed, and the categories of third parties to whom your Personal Information has been disclosed.

5.2 Right to Correction (GDPR and CCPA/CPRA)

You have the right to request that we correct any inaccurate or incomplete Personal Information about you. We will take reasonable steps to verify the accuracy of the information before making any corrections.

5.3 Right to Erasure (“Right to be Forgotten”) (GDPR)

You have the right to request that we erase your Personal Information if: (i) the Personal Information is no longer necessary for the purposes for which it was collected; (ii) you withdraw your consent and there is no other legal basis for processing; (iii) you object to processing and there are no overriding legitimate interests; (iv) the Personal Information has been processed unlawfully; or (v) erasure is required by law. We will not erase your Personal Information if we are required to retain it by law, or if retention is necessary for the performance of a contract or the protection of legitimate interests.

5.4 Right to Restriction of Processing (GDPR)

You have the right to request that we restrict the processing of your Personal Information if: (i) you contest the accuracy of the Personal Information; (ii) processing is unlawful but you do not want it erased; (iii) we no longer need the Personal Information but you need it for the establishment, exercise, or defense of legal claims; or (iv) you have objected to processing and we are assessing whether our legitimate interests override your rights. During the restriction period, we will only process your Personal Information with your consent, or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person.

5.5 Right to Data Portability (GDPR)

You have the right to receive your Personal Information in a structured, commonly used, and machine-readable format, and to transmit that information to another data controller without hindrance from us, where processing is based on consent.

5.6 Right to Object (GDPR and CCPA/CPRA)

You have the right to object to the processing of your Personal Information if processing is based on our legitimate interests or for direct marketing purposes. We will stop processing your Personal Information unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims. For direct marketing, we will stop processing your Personal Information immediately upon receipt of your objection.

5.7 Right to Withdraw Consent (GDPR)

If you have provided consent for the processing of your Personal Information, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

5.8 Right to Opt-Out of Sale/Sharing (CCPA/CPRA)

If you are a California resident, you have the right to opt out of the sale or sharing of your Personal Information. To exercise this right, please contact us using the contact information provided in Section 10.

5.9 Right to Non-Discrimination (CCPA/CPRA)

We will not discriminate against you for exercising any of your rights under CCPA/CPRA. This means we will not deny you goods or services, charge you different prices or rates, or provide you with a different level or quality of goods or services because you have exercised your rights.

5.10 How to Exercise Your Rights

To exercise any of the above rights, please submit a request using the contact information provided in Section 10. We may require you to provide certain information to verify your identity before processing your request, to ensure that we are disclosing or modifying information only to the correct individual. If you are making a request on behalf of another person, you must provide written authorization from that person, along with proof of your identity.

6. Cookies and Similar Tracking Technologies

We use cookies and similar tracking technologies (such as web beacons, pixels, and JavaScript) to collect information about your usage of the Website. Cookies are small text files that are stored on your device when you access the Website. They help us improve the Website and your user experience by enabling us to recognize your device, remember your preferences, and analyze how you use the Website.

6.1 Types of Cookies We Use

Necessary Cookies: These cookies are essential for the operation of the Website. They enable you to navigate the Website and use its features. Without these cookies, the Website may not function properly. We do not need your consent to use necessary cookies.

Analytics Cookies: These cookies help us analyze how users interact with the Website, such as which pages are visited most frequently and how long users spend on each page. This information helps us improve the Website and our services. Analytics cookies may be set by us or by third-party service providers (such as Google Analytics).
Marketing Cookies: These cookies are used to deliver personalized marketing content to you, based on your interests and browsing history. They may also be used to measure the effectiveness of marketing campaigns. Marketing cookies are set by us or by third-party advertising partners.

6.2 Your Cookie Choices

You can control and manage cookies through your browser settings. Most browsers allow you to block or delete cookies, or to be notified when a cookie is being set. However, please note that blocking or deleting certain cookies may affect your ability to access and use certain features of the Website.

For more information about cookies and how to manage them, you can visitwww.allaboutcookies.org.

7. Data Security and Protection

We take the security of your Personal Information seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, disclosure, alteration, or destruction. These measures include:

Encryption of data in transit and at rest.
Access controls to limit access to Personal Information to authorized personnel only.
Regular security audits and assessments.
Employee training on data protection and security practices.

However, please note that no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee the absolute security of your Personal Information, but we will take all reasonable steps to protect it.

8. Data Retention

We will retain your Personal Information for no longer than is necessary for the purposes for which it was collected, or as required by law. The retention period will be determined based on the following factors:

The purpose of processing (e.g., we will retain subscription information until you unsubscribe or the subscription period expires).

Legal and regulatory requirements (e.g., we will retain financial records for the period required by tax laws).
The need to defend legal claims (e.g., we will retain information relevant to potential legal disputes until the dispute is resolved).

Once your Personal Information is no longer needed, we will securely delete or anonymize it to ensure that it can no longer be associated with you.

9. Cross-Border Data Transfers

If you are located in the European Union (EU), your Personal Information may be transferred to countries outside the EU, including countries that are not recognized by the European Commission as providing an adequate level of data protection. We will ensure that such transfers comply with GDPR and provide adequate protection for your Personal Information by using one or more of the following mechanisms:

Transfer to a country that has received an adequacy decision from the European Commission (e.g., Japan, Switzerland).
Use of the European Commission’s Standard Contractual Clauses (SCCs) for transfers between data controllers and processors.
Implementation of other appropriate safeguards, such as encryption or anonymization, where applicable.

If you would like more information about the safeguards we use for cross-border data transfers, please contact us using the contact information provided in Section 10.

10. Contact Us

If you have any questions, concerns, or requests regarding this Policy or our processing of your Personal Information, please contact us at:

[Your Full Name/Company Name]

[Your Address]

Email: [Your Email Address]

Phone: [Your Phone Number]

If you are located in the EU, you also have the right to lodge a complaint with your local data protection authority if you are not satisfied with our response to your request or if you believe that our processing of your Personal Information violates GDPR.

11. Changes to This Policy

We may update this Policy from time to time to reflect changes in our data processing practices, legal requirements, or business operations. When we make changes to this Policy, we will update the “Last Updated” date at the top of this page. We encourage you to review this Policy periodically to stay informed about how we are protecting your Personal Information.

If we make material changes to this Policy (e.g., changes that significantly affect your rights or how we process your Personal Information), we will notify you by posting a prominent notice on the Website or by sending you an email (if you have provided us with your email address). Your continued use of the Website after the effective date of the updated Policy constitutes your acceptance of the changes.