chevron_rightMARUNI INSTAGRAMclear

Maruni Wood Industry and its group companies (the “Company” or “we” or “us”) recognize the importance of protecting personal information and are committed to safeguarding it under the following policy.

Our Privacy Statement

This Privacy Policy applies to the processing of Personal Data (as defined below) which we collect from data subjects in the European Economic Area (“EEA”) in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation, the “GDPR”).  It also applies California residents under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), and to individuals in other countries and regions where our data practices comply with applicable local laws.

This Privacy Policy explains:

  • The types of personal data we collect and store,
  • How we use this information,
  • With whom we share it, and
  • How you can contact us for questions or concerns.

We encourage you to read this Privacy Policy carefully. If you do not agree with how we handle personal data, please refrain from providing it. However, doing so may affect our ability to offer you services, limit access to certain Website features, or impact your customer experience.

Article 1: Definition

The following terms used in this Privacy Policy are defined as follows:

  • Applicable Privacy Laws and Regulations: Refers to all relevant data protection laws and regulations, including the General Data Protection Regulation (“GDPR”) of the EU, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) in the United States, and other applicable privacy laws in jurisdictions where we operate.
  • Personal Data: Any information relating to an identified or identifiable natural person that is processed by the Company, as specified in Article 3 of this Privacy Policy.
  • Privacy Policy:Refers to this document.
  • Processing (Process or Processed): Any operation or set of operations performed on Personal Data, whether by automated or manual means. This includes, but not limited to, collection, recording, editing, structuring, storage, adaptation and/or alternation, retrieval, reference, use, disclosure, transmission, dissemination alignment, combination, restriction, erasure or destruction of data.
  • Controller: A natural or legal person, public authority or body, or other entity that Processes Personal Data on behalf of the Controller. The Processor follows the instructions of the Controller and does not determine the purposes or means of Processing., Website: Refers to https://www.maruni.com/en/

Article 2: Scope of Privacy Policy

This Privacy Policy applies to the Processing of Personal Data in accordance with the Applicable Privacy Laws and Regulations defined in Article 1. Maruni Wood Industry Inc. and its group companies act as the Controller for this Processing.

Article 3: Personal Data to be Collected

  1. The Company may collect the following Personal Data from customers, business partners, job applicants, employees, employees of its affiliates, and users of the Website:
    • Contact information: Name, company or organization, department, job title, address, phone number, email, social media IDs and other similar details.
    • Technical details (for Website visitors: IP address, cookies, operating system, browser type, device details (e.g., serial number, unique identification number, MAC address), and technical/event-based data related to your usage device usage (e.g. internet and Bluetooth connectivity data and session duration).
    • Other information you provide: Any opinions, feedback or additional details submitted to the company.
  2. The company does not collect sensitive Personal Data, (such as health-related data), unless permitted or required by Applicable Privacy Laws and Regulations.

Article 4: Legal Basis of Data Processing

The Company may Process your Personal Data for the purposes outlined below, in accordance with Applicable Privacy Laws and Regulations. Processing is carried out based on the following legal grounds:

  1. Your Consent: When you have explicitly given your consent for specific data processing activities.
  2. Legitimate Interests: Where Processing is necessary for the Company's legitimate interests, provided these interests are not overridden by your data protection rights. Our legitimate interests include:
    • Offering you our products and services,
    • Ensuring business continuity,
    • Providing, improving, and developing our products, services, and advertising,
    • Informing you about our policies and terms,
    • Promoting safety and security,
    • Using personal data for business administration, data analysis, research, and audits,
    • Ensuring that content from the Website is displayed effectively for you,
    • Notifying you about changes to our products or services,
    • Managing your account, and
    • Complying with our legal obligations, enforcing our legal rights, or to protecting the rights of third parties.
  3. Legal Obligation: Where Processing is required to comply with legal or regulatory obligations.
  4. Protection of Legal Rights: Where necessary to protect the Company's legitimate interests and legal rights, provided that these interests and not overridden by your data protection rights.
  5. Regulatory Compliance and Legal Claims: Processing Personal Data in connection with compliance, regulatory requirements, audits, legal claims, litigation, and other ethics and compliance reporting obligations.

Article 5: Purposes of Processing the Personal Data

  1. The Company may Process Personal Data for the following purposes:
    • To offer you our products and services,
    • To ensure business continuity,
    • To provide, improve, and develop our products, services, and advertising,
    • To inform individuals about our policies and terms,
    • To respond to inquiries regarding products or services and contact the relevant individuals,
    • To provide requested materials and information,
    • To share information with business partners with the customer's approval,
    • To promote safety and security,
    • To conduct business administration, data analysis, research, and audits,
    • To ensure that content from the Website is presented effectively, and
    • To notify individuals about changes to our products, services or policies,
    • To fulfill obligations with employees, contractors, vendors and service providers,
    • To comply with legal and regulatory obligations, including reporting to or being audited by regulatory bodies,
    • To process job applications and recruitment-related activities,
    • To prevent fraud and detect security risks,
    • To manage access to systems, premises, platforms, and applications,
    • To comply with court orders and exercise or defend legal rights,
    • To protect the rights of third parties, and
    • As otherwise permitted or required by any Applicable Privacy Law or Regulations.

If the Company intends to Process Personal Data for any purpose other than what was specified at the time of collection, it will provide relevant information before such Processing occurs.

Article 6: International Transfer of Personal Data

The Company is headquartered in Japan, where it primarily Processes Personal Data. In some cases, Personal Data may be transferred to and from other jurisdictions, including the European Economic Area (EEA) and California, in compliance with Applicable Privacy Laws and Regulations.

  • Transfers from the EEA to Japan: The European Commission has granted Japan an adequacy decision under the GDPR, meaning Personal Data can be transferred from the EEA to Japan without additional safeguards.
  • Transfers from California to Japan: The Company ensures that such transfers comply with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) and follows legally required safeguards where applicable.
    • Transfers to other non-EEA, non-California jurisdictions: Where Personal Data is transferred to jurisdictions without an adequacy decision, the Company ensures that appropriate safeguards are in place, including:
    • Standard Contractual Clauses (SCCs) approved by the European Commission,
    • Other legally recognized transfer mechanisms as required under Applicable Privacy Laws and Regulations.

To obtain more details regarding the protection measures applied to Personal Data transferred internationally, you may contact the Company using the details provided in this Privacy Policy.

Article 7: Security

  1. Company implements appropriate organizational and technical security measures to protect the Personal Data and prevent misuse, loss or unauthorized alteration. In addition, the Company restricts access to Personal Data to employees, agents, contractors and other third parties who require such access to legitimate business purposes. Those individuals are bound by confidentiality obligations, either through their employment agreements or data processing agreements.
  2. When the Company entrusts with the handling of Personal Data, it requires them to implement appropriate security measures through contractual agreements and exercises necessary and appropriate supervision over their compliance.

Article 8: Retention Periods

  1. The Company does not retain Personal Data longer than necessary for the purposes for which it was collected and processed.
  2. Data subjects may request the Company to delete their Personal Data at any time. Additionally, when Personal Data is no longer necessary for its original purpose or required by law, , the Company securely deletes or anonymizes such Personal Data.

Article 9: Cookies

The Company uses cookies to ensure that the Website functions properly and provides optimal user experience. For detailed information about the types of cookies used, their purposes, and how you can manage your cookie preferences, please refer to our Cookie Policy.

Article 10: Data Breaches

In the event of a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to, Personal Data is transmitted, stored or otherwise processed, the Company has established mechanisms and policies to promptly identify, assess, and respond to such incidents.

Based on the outcome of the assessment, the Company will:

  • Notify the relevant supervisory authorities as required by Applicable Privacy Laws and Regulations, and
  • Inform affected data subjects, including you, if required by law.

Article 11 Rights of Data Subject

  1. Right to Withdraw Consent: If the Processing of the Personal Data is based on consent, the data subject has the right to withdraw consent at any time.
  2. Right to Access: Data subjects have the right to request access to their Personal Data, allowing them to receive a copy of the data retained by the Company.
  3. Right to Rectification: Data subjects may request the correction of incomplete or inaccurate Personal Data c retained by the Company.
  4. Right to Erasure: Data subjects may request the deletion of their Personal Data if there are no legitimate reasons for the Company to continue Processing it
  5. Right to Object:
    • If the Company Processes Personal Data for direct marketing purposes, data subject may object at any time, and the Company immediately stop Processing.
    • If Processing is based on legitimate interests, the Company will cease Processing unless it has compelling legitimate grounds that: (i) override the Data Subject’s rights, or(ii) relate to legal claims or actions.
  6. Right to Restrict Processing: Data subjects may request restriction on the Processing of their Personal Data under certain circumstances.
  7. Right to Data Portability: Data subjects may request the transfer of their Personal Data to themselves or to a third party in a structured, commonly used, machine-readable format. This right applies only to Personal Data that:
    • Was originally provided by the Data Subject, and
    • Is Processed automatically, based on consent or contractual agreement.
  8. Exercising Rights & Response Time:
    • The exercise of these rights is free of charge.
    • The Company will respond within one (1) month of receiving the request. If the request is complex or multiple requests are received, this period may be extended by up to two (2) additional months. The Company will notify the Data Subject of the Data subject of any extension within the initial one (1) month period.
  9. Excessive or Unfounded Requests:
    • If a request from is clearly unfounded or excessive (repeated requests), the Company may:
    • Charge a reasonable fee, or
    • Refuse to respond to the request.
  10. Right to Lodge a Complaint:
    • Data subjects may file a complaint with a supervisory authority in the EU Member State where they reside, work, or where an alleged GDPR violation occurred.
    • However, the Company encourages Data subjects to contact it first to the to resolve concerns before escalating the issue.
    • California Residents: For rights specific to California residents under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), please refer to [Article 12: California Privacy Rights].

Article 12 California Privacy Rights

This section applies only to residents of California under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). California residents have the following rights regarding their Personal Data:

  1. Right to Know: The right to request information about what Personal Data the Company collects, uses, shares, or sells, including:
    • Categories of Personal Data collected
    • Sources from which Personal Data is obtained
    • Purpose of collecting or sharing Personal Data
    • Categories of third parties with whom the Company shares Personal Data
  2. Right to Delete: The right to request deletion of Personal Data collected, subject to legal exceptions.
  3. Right to Correct: The right to request correction of inaccurate Personal Data maintained by the Company.
  4. Right to Opt-Out of Sale or Sharing: If the Company sells or shares Personal Data for targeted advertising, California residents have the right to opt out. (The Company does not sell Personal Data.)
  5. Right to Limit Use of Sensitive Personal Data: If the Company processes sensitive Personal Data, users can request that its use be limited to necessary purposes only.
  6. Right to Non-Discrimination: The Company will not deny services, charge different prices, or provide a different quality of service based on the exercise of privacy rights.

How to Exercise Your Rights

California residents may exercise their rights by contacting the Company using the details provided in [Article 13: Contact].

Article 13 Contact

For any inquiries or complains, or requests regarding this Privacy Policy, or if you wish to exercise your rights under in Article 11 (Data Subjects Rights) or Article 12 (California Privacy Rights), please contact the Company using the following contact details:

Maruni Wood Industry, Inc.
Management Headquarters,
24 Shirasuna, Saeki-ku, Hiroshima City, Hiroshima Prefecture, Japan
Email address:contact@maruni.com

Article 13 External links

The Website may contain links, banners, or references to third-party websites. i. The Company does not control the content, policies, or practices of these third parties and is not responsible for their compliance with the Applicable Privacy Laws and Regulations. Users are encouraged to carefully review the privacy policies of any third-party websites they visit.

Article 14 Miscellaneous

  1. The Company reserves the right to revise this Privacy Policy on periodically. It is the responsibility of the Data Subject to review the latest version of this Privacy Policy regularly. The most recent Privacy Policy was made in April 2025.
  2. If a provision of this Privacy Policy i conflicts with applicable laws or regulations, it shall be replaced with a provision that preserves the original intent to the extent legally permissible. In such case, the remaining provisions shall remain in full effect.
  3. Governing Law & Jurisdiction: This Privacy Policy shall be governed by and interpreted in accordance with the laws of Japan. Any disputes arising in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Hiroshima, Japan.