1. TOP
  2. Data Protection Statement

Data Protection Statement

DATA PROTECTION

Data Protection Statement

Effective date: June 22, 2026

BRIDGE MULTILINGUAL SOLUTIONS

BRIDGE MULTILINGUAL SOLUTIONS (“BMS”, “we”, “us” or “our”) recognizes the protection of personal information and personal data as an important responsibility in connection with our translation, interpretation, multilingual contact center, foreign resident support, document processing and related services.

We comply with the Act on the Protection of Personal Information of Japan and other applicable laws and regulations. Where the EU General Data Protection Regulation (“GDPR”) applies, we endeavor to maintain a data protection framework designed to address GDPR-related requirements.

1. Our basic approach

We handle personal information and personal data in accordance with the following principles:

  • We clarify the purposes of processing and process personal data only to the extent necessary.
  • We process personal data entrusted by customers in accordance with customer instructions.
  • We restrict access to personal data to personnel who need such access for business purposes.
  • We require appropriate confidentiality and data protection obligations from our employees, interpreters, translators, operators and service providers.
  • We implement appropriate security measures to help prevent unauthorized access, leakage, loss, destruction, damage, alteration or disclosure of personal data.
  • We periodically review and improve our data protection practices.

2. Our role under the GDPR

Depending on the relevant service and processing activity, BMS may act as either a Controller or a Processor under the GDPR.

Where BMS determines the purposes and means of processing, BMS acts as a Controller.

Where a customer determines the purposes and means of processing and BMS processes personal data on behalf of the customer in connection with translation, interpretation, contact center, document processing or related services, BMS acts as a Processor.

3. Customer personal data

Where documents, audio files, call records, inquiry details, source materials for translation or other data provided by a customer contain personal data, BMS processes such personal data in accordance with the applicable contract, statement of work, customer instructions and applicable laws.

BMS does not use customer personal data for purposes other than providing the relevant services as instructed by the customer.

Unless separately agreed with the customer, BMS does not use customer personal data for BMS’s own marketing, AI model training, unrelated analytics or other independent purposes.

4. Security measures

BMS implements technical and organizational measures appropriate to the relevant risks, which may include:

  • Access rights management
  • User ID, password and authentication controls
  • Restrictions on access to personal data based on business necessity
  • Secure transmission and encryption or equivalent protection where appropriate
  • Logging and controls against unauthorized access
  • Anti-malware measures and security updates
  • Backup and recovery procedures
  • Secure storage and disposal of paper documents and storage media
  • Confidentiality obligations and training for employees, interpreters, translators and operators
  • Supplier and sub-processor management
  • Incident reporting and response procedures

5. Service providers and sub-processors

BMS may use cloud services, telecommunications services, translators, interpreters, system providers and other service providers or sub-processors to the extent necessary to provide the services.

When engaging service providers or sub-processors, BMS takes appropriate contractual or organizational measures where necessary, including confidentiality, security, restrictions on use, restrictions on further subcontracting, and return or deletion of personal data upon termination.

For customer engagements to which the GDPR applies, BMS addresses the use of sub-processors, prior notice, objection procedures and related matters in accordance with the applicable customer agreement or data processing addendum.

6. International transfers

BMS is located in Japan. Where BMS receives personal data from customers or individuals in the EU/EEA, such personal data may be transferred to Japan.

Japan has been recognized by the European Commission as providing an adequate level of protection for personal data. BMS handles personal data transferred from the EU/EEA to Japan in accordance with applicable laws and, where applicable, the supplementary rules relating to Japan’s adequacy framework.

Where BMS uses service providers, sub-processors or cloud services located in countries or regions outside Japan, BMS confirms appropriate transfer mechanisms where necessary, such as adequacy decisions, Standard Contractual Clauses or other valid transfer mechanisms.

7. Data subject rights

Where BMS receives a request from an individual regarding access, rectification, erasure, restriction of processing, data portability, objection or other rights under the GDPR or other applicable laws, BMS will respond appropriately depending on its role and applicable legal requirements.

Where BMS processes personal data as a Processor on behalf of a customer, BMS will generally notify the customer of the request and respond in accordance with the customer’s instructions.

8. Personal data breach and incident response

If BMS becomes aware of a personal data breach or suspected incident involving personal data, BMS will promptly investigate the facts, identify the scope of impact, take steps to prevent further damage, investigate the cause and implement measures to help prevent recurrence.

Where BMS processes personal data as a Processor on behalf of a customer, BMS will notify and cooperate with the customer in accordance with the applicable agreement and applicable laws if a personal data breach affects customer personal data.

9. Contractual data protection arrangements

For customer engagements to which the GDPR may apply, BMS addresses contractual data protection requirements where necessary, including data processing addenda, confidentiality agreements, personal data handling clauses, Standard Contractual Clauses and other relevant contractual arrangements.

10. Continuous improvement

BMS continuously reviews its data protection framework, procedures, records of processing, security measures and supplier management in light of changes in laws, guidelines, customer requirements, business operations and technology.

11. Contact

For inquiries regarding our handling of personal information and personal data, please contact:

BRIDGE MULTILINGUAL SOLUTIONS
Personal Information Inquiry Desk
E-mail: privacy@bridge-ms.com
TEL: +81-3-5366-6001
Business hours: 9:00–17:30, weekdays, Japan time

```