Privacy policy
We at Balans Lab Co., Ltd. ("we", "us", "our" or "Balans Lab") value your privacy and are committed to taking care of your Personal Data, which is a responsibility that we take very seriously.
This Privacy Policy explains how we may use the Personal Data we collect when you are located in the United Kingdom visit our website (https://balans-lab.com/ ("Website")), purchase our products, make inquiries about our products, subscribe to our marketing communications, or participate in promotional campaigns, or engage in other related activities. It also explains how we comply with UK legislation related to data protection (UK General Data Protection "UK GDPR") and the UK data protection law Data Protection Act 2018 ''Data Protection Act'') and what your rights are under these legal frameworks.
For information on how personal data of individuals located outside the United Kingdom is handled, please refer to this Privacy Policy.
Balans Lab is the data controller for the services we provide. Our registered office is at 3-6-67-2 Sakurazaka, Chuo-ku, Fukuoka City, Fukuoka Prefecture, 810-0024, Japan.
1. Definitions
Unless otherwise indicated, terms used in this Privacy Policy are defined in appendix at the end of this Policy. Most of the definitions are derived from the UK GDPR which you can access from here and the Data Protection Act which you can access here.
2. What type of your Personal Data do we collect?
Personal Data means any information relating to you which allows us to identify you, either directly from that data or because we combine that information with other data about you.
When you use our Website, including when you purchase our products, subscribe to our marketing communications, or interact with us in relation to our products, you may provide us with your Personal Data, or we may obtain Personal Data about you.
We may process the following Personal Data:
- Contact details and personal identifiers: information such as your name, address, email address and telephone number.
- Purchase data: data on the products you have asked us to provide to you, such as date and time of purchase, customer number, order number, invoice number.
- Payment data: information relating to your payment transactions, including payment method and payment amount.
- Records of your interactions with us: information such as your contact history, content of inquiry, and other information provided during inquiries.
- Survey responses: information such as your name, address, email address, telephone number, social media account, survey responses, and bank account information.
- Prize campaign data: information such as your name, address, email address, details of the application for the prize campaign, result of the prize selection, the shipping address for the prize to the winner, and social media account information.
- Information related to influencers: information such as your name, address, email address, phone number, social media account information, transaction details, bank account information.
- Internet information: including the date and time of your visit or use of our Website, IP address, URL of the webpages viewed, products and services browsed and searched for, Website activity, browsing time on the Website, device type and ID, OS, country of access, browser type and plug-ins, and other IT system identifying information.
- Your marketing preferences: so that we know whether and how we should contact you. You can stop receiving our marketing communications at any time, free of charge, through the methods displayed as part of any communication such as the unsubscribe link in our emails. Or further information on this please see the section 6. below.
3. Where do we collect your Personal Data from?
We will collect Personal Data from several sources. These include the following:
Directly from you: when you use our Website, purchase or order our products (including samples), participate in prize campaigns, contact us by email or communicate with us directly in some other way.
From publicly available information: Regarding influencers, we may obtain publicly available information such as social media account details.
Our Website: provides us with information about how you use it and the devices that you use to connect to our Website. Like many other Websites, we use so-called "cookies". Cookies are small text files that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our Website. If you have given your consent to our use of cookies, we do so to improve the use of our Website, analyse our Website or to display advertising on our Website. You can revoke your consent to our use of cookies any time.
4. Why do we collect your Personal Data and on what legal basis?
The table below describes the main purposes for which we process your personal data, the categories of your information involved and our lawful basis for being able to do this.
| Purpose | Personal Data used | Lawful basis |
|---|---|---|
| So that we can provide our website to you | IP address, browser type, device ID, geolocation, consent information regarding the use of cookies | We have a legitimate interest in our website working properly |
| Ensuring IT support and network security | Date and time of access, IP address, URL of the webpages viewed, products and services browsed and searched for, website activity, browsing time on the website, device, OS and browser information, country of access | We have a legitimate interest in ensuring our systems are secure |
| To provide our products to customers | Name, address, email address, telephone number, purchased products (including samples) | This is necessary to fulfil our contract with you |
| To invoice you and receive payments from you | Name, address, payment method, payment amounts | This is necessary to fulfil our contract with you |
| To respond to customer inquiries | Name, address, email address, telephone number, purpose and content of the inquiry, Information you provide when making inquiries | This is necessary to fulfil our contract with you |
| To conduct surveys and utilize the results to improve our products and services | Name, address, email address, telephone number, social media account information, survey responses, bank account information | We only process personal data through surveys if you gave us your consent |
| Marketing products which may be of potential interest to you and offering promotions | Name, email address, marketing preferences | We have a legitimate interest to provide you with information about or products including those that are the same or similar to the ones you have inquired about If we cannot rely on legitimate interest as our lawful basis for processing, then we will obtain consent from you |
| To manage the operation of prize campaigns | Name, address, email address, telephone number, social media account information, details of the application, result of the prize selection, social media account information, application details and prize draw results | This is necessary to fulfil our contract with you |
| To request collaborations with influencers and process reward payments | Name, address, email address, telephone number, social media account information, transaction details, bank account information | This is necessary to fulfil our contract with you |
| To analyse our website usage to improve and enhance our services | Cookies, IP address, browser type, plug-ins device type and ID, country of access, browsing history, history of viewed and searched products, website activity, time spent on the website | We only process your personal data for analysing purposes if you gave us your consent |
| To optimize our ad delivery on our website | Cookies, IP address, browser type, plug-ins device type and ID, country of access, browsing history, history of viewed and searched products, website activity, time spent on the website | We only process your personal data for advertisement purposes if you gave us your consent |
| Storage of records relating to you and also records relating to our business | All the personal information we collect about you | To be able to manage and fulfil our contract with you, we may have a legal and/or regulatory obligation to do so and we also have a legitimate interest to keep proper records |
Some of your Personal Data may be required due to legal, contractual, or other obligations. Failure to provide this data may impact our ability to fulfil our contract with you or comply with relevant legal obligations. For other Personal Data, whilst you may not be under an obligation to provide it to us, if you do not provide it, we may not be able to properly perform our services for you. Without your Personal Data, you may be unable to complete bookings or purchases on our Website.
Providing Personal Data for marketing is optional. Refusal to provide this data has no negative consequences but means that we cannot offer personalised marketing messages or promotional offers. If you gave us your consent for marketing purposes, you can revoke your consent or object the processing at any time by sending a message following the information in section "Contact Information".
5. Who we share your Personal Data with?
In order to operate our Website and provide you with the products you have purchased we may need to share your Personal Data with third parties. This includes sharing your Personal Data with companies engaged by us to manage our relationship with you and provide you the services described above.
We may share your personal data with the following recipients:
- Cookie Consent Management Provider: We manage information regarding your device's cookie consent using a Consent Management Platform (CMP), and consent information may be shared with the CMP providers, companies located in Canada and Estonia. We transfer the data based on an adequacy decision.
- Order processing, shipping, and delivery management provider: Your Personal Data may be shared with order processing, shipping management, and delivery service providers to the extent necessary for managing orders, shipments, and deliveries. We use a platform service provided by a company located in Canada and Denmark. Additionally, we may provide the necessary information for mailing to companies located in the United Kingdom and the United States. We transfer such personal data to companies located in Japan, Canada and Denmark based on an adequacy decision, and to companies in the United States based on the Standard Contractual Clauses (SCCs) and as modified by the UK Approved Addendum.
- Advertising platform provider: As mentioned above, our Website uses cookies. The personal data listed in the "Personal Data used" column of the rows for "To analyse our Website usage in order to improve and enhance our services" and "To optimize our ad delivery on our Website" in section 4. above may be transferred to Google LLC and Meta Platforms, Inc. Google LLC is certified for compliance with the Data Privacy Framework (DPF) principles and adheres to the UK Extension to the DPF. We transfer the data based on the adequacy decision. Additionally, we transfer the data to Meta Platforms, Inc. based on Standard Contractual Clauses (SCCs) and as modified by the UK Approved Addendum.
- Email Marketing provider: We use a marketing tool provided by a company located in Canada and Singapore, and customer personal data is shared with that company. We transfer the data to company located in Canada based on an adequacy decision and to company located in Singapore based on Standard Contractual Clauses (SCCs) and as modified by the UK Approved Addendum.
- Surveys provider: We conduct customer surveys using an application provided by a company located in Japan, and customer personal data is shared with that company. We transfer the data based on an adequacy decision.
- Consultants and accountants: such as legal or tax consultants and accountants, to comply with legal obligations. We may share personal data with consultants and accountants in Japan, in which case the transfer is based on an adequacy decision.
- Government and law enforcement agencies: where we are required to do so by law or to assist with their investigations or initiatives.
We do not disclose Personal Data to anyone else except as set out above unless we have your consent, or we are legally obliged to do so. These recipients will only process your Personal Data to perform tasks and duties on our behalf and in compliance with this Privacy Policy and governing data protection laws.
6. Direct Marketing
From time to time, we may contact you by email and/or direct mail with information about products we believe you may be interested in.
Marketing emails and direct mail will only be sent when you tell us that you wish to receive marketing related messages, subscribe to our newsletter or when you have purchased similar products with us previously.
You can opt out any time if you do not wish to receive any marketing messages by clicking on the unsubscribe link in any marketing email you receive to unsubscribe from future marketing communications.
7. International data transfers
In the course of our operations, it may be necessary to transfer your Personal Data to recipients located outside the United Kingdom (UK). These transfers may be to our partners or service providers who are located in regions, such as the United States with differing data protection laws than those in your country. Specific information is provided in Section 5. above. When transferring your Personal Data internationally we implement appropriate safeguards to ensure the security and confidentiality of your data. These safeguards, when we cannot rely on an issued Adequacy Decision, may include for example Standard Contractual Clauses (SCCs) and as modified by the UK Approved Addendum.
8. How long do we keep Personal Data for?
Generally, we will retain your Personal Data for as long as we need it for the purposes for which it was collected. The duration for which we retain your Personal Data will differ depending on the type of information and the reason why we collected it from you. However, in some cases Personal Data may be retained on a long-term basis: for example, Personal Data that we need to retain for legal purposes will normally be retained in accordance with usual commercial practice and regulatory requirements.
In addition, we may be allowed to retain Personal Data whenever you have given consent to such processing (e.g. subscription to our newsletter), as long as such consent is not withdrawn.
9. Data security
We take the security of your information very seriously and only handle Personal Data as permitted by data protection regulations. We use a variety of technical and organizational measures to help protect your Personal Data from unauthorized access, disclosure, modification, loss or destruction in accordance with applicable data protection laws. When handling Personal Data, our employees are obliged to comply with the regulations of the GDPR.
10. Your rights in relation to your Personal Data
If you are located in the United Kingdom, you have the following rights regarding your personal data:
Right of Access - you have the right to be informed about how we are using your Personal Data and the right to access that data that we hold about you.
Right to Erasure or "Right to be Forgotten" – you have the right to ask us to delete your Personal Data provided that there are no valid grounds for us to keep it, for example we may have to keep some or all of the Personal Data to comply with legal obligation or in respect of any legal claims.
Right to Data Portability – you have the right to receive the Personal Data you have provided to us in a digital format or in certain circumstances and where technically feasible the right to ask us to transmit the data to another organization.
Right of Rectification – you have the right to ask us to amend the Personal Data that we hold about you where believe it is inaccurate or incomplete.
Right to Object - in certain circumstances, you have the right to object to the processing of your Personal Data and to ask us to block, erase and restrict our use of your personal data.
Automated Decision Making – we may process your Personal Data by solely automated means (without human intervention), including for profiling. Where such processing may have a legal or similarly significant effect on you, you have the right not to remain subject to any decisions based on such automatic processing, except as otherwise provided by law. You have the right to understand when and how automated decisions are made about you, and the factors involved and you have the right to challenge these decisions, request human intervention, express your point of view, and seek a review of the decision.
Right to Withdraw Consent or Right of Opposition – if you have provided your consent to the collection, processing and transfer of your personal data, you have the right to fully or partly withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.
Right of Limitation - you have the right to request the limitation of the Processing of your Personal Data, in the form of: (i) suspension of Processing or (ii) limitation of the scope of Processing to certain categories of Personal Data or purposes of Processing.
Right to lodge a complaint – you have the right to complain to the supervisory authority, in addition to us.
The exercise of rights is free of charge, except in the case of a manifestly unfounded or excessive request, in which case a reasonable fee may be charged regarding its costs. The period for handling a request is 30 days unless it is a particularly complex request. However, that period may be extended by two further months where necessary, considering the complexity and number of the requests.
Once our specified retention period has expired, we shall delete the relevant Personal Data. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of such retention period.
11. Processing data in relation to children
We do not knowingly collect Personal Data from persons who are not legally permitted to use our services without obtaining parental consent. If it comes to our attention that we have collected or processed Personal Data from such a person, we may delete this information without notice. If you have reason to believe that this has occurred, please contact us using the following address: privacy@balanslab.jp
12. Change of this Privacy Policy
We may need to make changes to this Privacy Policy to ensure that it complies with current legal requirements or to implement changes to the services detailed in the Privacy Policy. In this case, your future visits to our Website will be subject to the updated Privacy Policy.
13. Contact Information
If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data, or your choices and rights regarding such use please do not hesitate to contact us by:
Email at: privacy@balanslab.jp
Post to: 3-6-67-2 Sakurazaka, Chuo-ku, Fukuoka City, Fukuoka Prefecture, 810-0024, Japan
Data Subject Requests from UK Data Subjects according to the GDPR
We value your Data Subject Rights under UK GDPR and have therefore appointed Prighter Ltd (20 Mortlake Mortlake High Street, London, SW14 8JN, United Kingdom) as representative according to Art 27 UK GDPR. We provide you with an easy way to submit a privacy related request like a request to access or erase your personal data by visiting: https://app.prighter.com/portal/18333849911
This Policy was last updated:2025/7/2
Appendix
| Term | Definition |
|---|---|
| Consent (of the Data Subject) | means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her. |
| Contract (Performance) | means concluding, maintaining, and completing of a contract concluded between the Controller and a Data Subject, including Processing activities which take place at the request of the Data Subject before entering into a contractual relation. |
| Controller | means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. |
| Data Subject | is any natural person whose Personal Data is being collected, held or processed. Examples of a Data Subject can be an individual, a customer, a prospect, an employee, a contact person, etc. |
| Direct Marketing | means personal data processed to communicate a marketing or advertising message. This definition includes messages from commercial organisations, as well as from charities and political organisations. |
| Legitimate Interest | means the Controller's interest to process Personal Data in order to carry out tasks related to the Controller's business activities. The processing of Personal Data in that context may not necessarily be justified by a legal obligation or carried out to execute the terms of a contract with a Data Subject. |
| Personal Data | means any information relating to an identified or identifiable natural person ('Data Subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
| Processing | means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
| Recipient | means a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with UK law shall not be regarded as Recipients; the Processing of those Personal Data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the Processing. |