GDPR Notice

GDPR may apply when LynxNow processes personal data of individuals located in the EEA/UK/Switzerland in connection with offering services or interacting with them. This notice is provided to explain GDPR-style rights in a practical way.

If GDPR does not apply to your situation, you can still contact us for privacy requests, and we will respond in line with reasonable privacy practices and applicable local law.

Controller: LynxNow is typically the controller for website contact data and inquiry communications.

Processor: In some engagements, LynxNow may process data on behalf of a business client. In that case, roles and instructions may be defined in the engagement agreement.

Depending on the interaction, processing may rely on one or more lawful bases, such as:

• Contract / pre-contract steps: to respond to a request and prepare service scope.
• Legitimate interests: website security, preventing abuse, and maintaining reliable operations.
• Consent: for certain cookie categories or optional communications where consent is used.
• Legal obligations: where recordkeeping or compliance duties apply.

Where consent is used, you can withdraw it at any time using available controls or by contacting us.

Where GDPR applies, you may have the right to:

• Access — request a copy of personal data we hold about you.
• Rectification — request correction of inaccurate data.
• Erasure — request deletion in certain circumstances.
• Restriction — request limited processing in certain circumstances.
• Portability — request a portable copy of certain data you provided.
• Objection — object to certain processing (for example, where based on legitimate interests).

These rights are subject to conditions and exceptions under GDPR.

Email [email protected] with “GDPR Request” in the subject line and include:

• your name and the email address used to contact us;
• the right you wish to exercise (access, deletion, correction, etc.);
• a short description of the request; and
• any reference details that help locate the data (for example, date of inquiry).

We may request minimal information necessary to confirm the request relates to you. We do not request passwords via email.

We retain inquiry communications for as long as needed to respond, maintain reasonable records, and handle potential disputes or compliance obligations. Retention duration depends on context and whether an engagement begins.

LynxNow operates from Japan. If GDPR applies, international transfers may occur when data is processed in Japan or by service providers in other regions. Where appropriate, we aim to use contractual safeguards suitable to the context and the provider relationship.

If LynxNow acts as a processor for a business client, we follow an instruction-based approach:

• process data only for the defined purpose and scope;
• limit access to those who need it for delivery;
• use reasonable measures for confidentiality and security; and
• support the client’s request handling when the request relates to that engagement.

The specific details and roles may be documented in a project scope or agreement.

Where GDPR applies, you may have the right to lodge a complaint with a supervisory authority in your country of residence or workplace. We encourage you to contact us first so we can address the request directly where possible.

CONTACTS_LINE: LynxNow Counsel K.K. | 2-7-14 Akasaka, Minato-ku, Tokyo 107-0052, Japan | +81 3-6822-9174 | [email protected] | JP-LNW-2026-0214 | Mon–Fri 10:00–19:00 (JST)