PRIVACY POLICY

NIMS Alumni Network Privacy Policy

The National Institute for Materials Science (hereinafter referred to as "NIMS") establishes the following provisions regarding the handling of personal information of data subjects (hereinafter referred to as "Members") whose registration for the "NIMS Alumni Network" (hereinafter referred to as "the Service") has been approved and whose information is obtained in connection with the Service.

This policy includes information concerning the rights of Members with respect to the protection of their data, including the right to object to certain processing conducted by NIMS. For more details on Members’ rights and the methods for exercising such rights, please refer to “8. Members' Rights.”
Depending on the region in which a Member resides or is located, the respective country-specific appendix outlined below may also apply. Please refer to the relevant appendix in addition to the NIMS Alumni Network Privacy Policy (hereinafter referred to as "this Privacy Policy"). In the event of any inconsistency between this Privacy Policy and an appendix, the provisions of the relevant appendix shall prevail to the extent of such inconsistency.
- Appendix for the EEA (European Economic Area) and the United Kingdom

Article 1. Types of Personal Information Processed by NIMS

NIMS processes the following types of personal information and any other information necessary for achieving the purposes stated in “3. Purposes of Processing Personal Information.”
If a Member does not provide their personal information when it is required for the performance of a contract, compliance with legal obligations, or other reasons, NIMS may be unable to provide all or part of the Service to the Member.

  1. Personal information provided by the Member at the time of registration or update, or assigned by NIMS
    • Name, date of birth, gender, nationality, email address, current affiliation, educational background, work history, NIMS ID assigned while enrolled, login ID, password
  2. Profile photo and other profile information optionally registered by the Member, and personal information entered when posting to the Members Forum
    • Handle name (nickname), content of posts to the Members Forum, etc.
  3. Personal information obtained through questionnaires or inquiries
    • Name, email address, responses to questionnaires, content of inquiries, etc.
  4. Other personal information collected in connection with the use of the Service
    • IP address, type and version of browser, device information such as OS, pages viewed, access dates and times, access data, usage status of the Service by the Member, etc.

Article 2. Sources of Personal Information

NIMS obtains personal information directly from Members (including cases where Members enter information into forms themselves or where NIMS automatically collects personal information via the website). However, in the following cases, personal information may be obtained indirectly from third parties:

  • When information is received from third parties through inquiry forms, emails, or similar means
  • When information is otherwise lawfully obtained from third parties (including public information)

Article 3. Purposes of Processing Personal Information

The purposes for which NIMS processes personal information in this service are as follows:

  1. For the provision and operation of this service
    • Registration and management of Member information, and identity verification
    • Provision and operation of services such as the Members Forum and Member search
  2. For communication with Members and responding to inquiries
    • Communication as necessary for identity or fact verification
    • Responding to various inquiries, consultations, and requests related to this service
  3. For providing information related to NIMS and the Alumni Network
    • Providing information about events and various activities
    • Providing information related to the Alumni Network
  4. For conducting surveys and improving the service
    • Implementation and analysis of surveys
    • Investigation of service usage status and analysis for service improvement
  5. For the secure operation of this service and prevention of unauthorized use
    • Monitoring and prevention of policy or terms violations, unauthorized use, or unauthorized access
    • Responding to, recovering from, and investigating causes of system failures
  6. For legal compliance and exercise of rights
    • Fulfillment of obligations based on applicable laws and regulations
    • Exercising or defending the rights of NIMS or third parties

Article 4. Legal Basis for Processing Personal Information

The legal basis for NIMS to process personal information shall be as required and to the extent applicable under relevant data protection regulations. Where the following legal bases do not apply under certain jurisdictions, NIMS will process personal information based on the Member’s consent, to the extent required by the applicable data protection regulations.

Purposes of Processing Legal Basis for Processing

1. For the provision and operation of this service

2. For communication with Members and responding to inquiries
  • Performance of a contract, when essential for providing this service
  • Legitimate interests, in cases other than the above
  • Consent from Members, when processing cookies or similar data not strictly necessary and where required under applicable data protection regulations

3. For providing information related to NIMS and the Alumni Network

4. For conducting surveys and improving the service
  • Legitimate interests

5. For the secure operation of this service and the prevention of unauthorized use

6. For legal compliance and the exercise of rights
  • Legal obligations under applicable laws and regulations, when recognized under the laws of each country
  • Legitimate interests, in cases other than the above

Article 5. Retention Period for Personal Information

NIMS retains personal information for as long as is necessary to fulfill the purposes of processing. However, if a legally required retention period is specified by law or regulation, NIMS will retain the personal information for the statutory period and will promptly and securely delete the data after that period has ended. In addition, for reasons such as legal requirements, security, the necessity of preservation, or other legitimate reasons, NIMS may, upon notifying the Member, retain personal information for a necessary period even after receiving a deletion request from the Member.

In determining the appropriate retention period for personal information, NIMS considers the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which NIMS processes the personal information and whether those purposes can be achieved by other means, and any applicable legal requirements.

When the personal information collected from Members is no longer needed, NIMS will delete or anonymize such personal information. If deletion is not possible (for example, because the personal information is stored in backup archives), NIMS will securely store the personal information until deletion becomes possible and will ensure that no further processing of the personal information occurs.

Article 6. Provision and Cross-Border Transfer of Personal Information

NIMS may provide the types of personal information described in “1. Types of Personal Information Processed by NIMS” to third parties for the purposes described in “3. Purposes of Processing Personal Information” in the following cases:

  1. Provision of personal information to other Members using this service
  2. Provision of personal information to the NIMS Alumni Network
  3. Provision of personal information to service providers (including subcontractors) engaged for achieving the purposes described in “3. Purposes of Processing Personal Information”
  4. Provision of personal information when required by laws, regulations, or orders of governmental authorities
  5. Provision of personal information, to the extent permitted under applicable personal data protection laws, as necessary to protect the life, body, or property of NIMS, Members, or third parties
  6. When consent has been obtained from the Member
  7. Other cases permitted by applicable data protection regulations

NIMS may transfer personal information to countries or regions, including Japan, as necessary to achieve the purposes described in “3. Purposes of Processing Personal Information.”

With respect to the provision of personal information described in item (1) above, because Members using this service are located across the world, it is not possible to identify in advance which country or region a Member who receives the information is located in at the time of provision. Therefore, NIMS cannot specify the destination country nor provide information regarding the personal data protection system of that country or region to Members. However, based on the historical usage of this service, the principal countries or regions to which personal information is expected to be provided (excluding countries within the EEA and the UK) and an outline of their personal data protection frameworks (see linked references) are as follows:
China,India
In addition, many of the Members who use this service and may receive personal information are located within Japan.

Article 7. Security Management Measures

NIMS takes necessary and appropriate measures to prevent the leakage, loss, or damage of personal information, such as encrypting communication content and database entries. In addition, NIMS exercises necessary and appropriate supervision over its staff and subcontractors to ensure the protection of personal information.

Article 8. Rights of Members

Members may be granted certain legal rights under applicable personal data protection laws in each country. For example, to the extent permitted and required under applicable data protection regulations in each country or region, Members may have the right to access, correct, delete, restrict the processing of, object to the processing of, withdraw their consent (where such processing is based on consent—please note that withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal), data portability, and not to be subject to automated decision-making, among other rights, with respect to their personal information.
If Members wish to exercise these rights, please contact the point of inquiry listed in “9. Contact Information” below. NIMS may charge a reasonable fee and may require additional information to verify the identity of the Member, to the extent permitted under applicable data protection regulations.
In addition, Members may file a complaint with the relevant data protection supervisory authority regarding the processing of their personal information by NIMS.

Article 9. Contact Information

If you have any inquiries regarding this Privacy Policy, please contact us at:

Email: koubunsyo@ml.nims.go.jp
Personnel and General Affairs Office, General Affairs Department, NIMS
1-2-1 Sengen, Tsukuba, Ibaraki 305-0047, Japan

Article 10. About Cookies, etc.

Please note that we are currently in the process of implementing a GDPR-compliant cookie banner, and a simplified version is in place at this time. We are working to introduce an official management tool that will allow you to select major types of cookies and view detailed information via the banner. The final management tool is still under development.
Cookies and similar technologies are used on this service’s website. For information about cookie settings, please refer to [link to banner]

Article 11. Changes to This Privacy Policy

NIMS may amend this Privacy Policy from time to time. In such cases, NIMS will notify Members by promptly posting the revised Privacy Policy, and from the time of such notification, personal information will be processed in accordance with the revised Privacy Policy.

Effective Date: April 1, 2026

Appendix for the EEA and the United Kingdom

This annex applies to the processing of personal information of Members located or residing in the European Economic Area (“EEA”) and the United Kingdom in relation to this service. It concerns the General Data Protection Regulation (GDPR) and the UK GDPR (hereinafter collectively referred to as the “GDPR”). Under the GDPR, the controller of Members’ personal information is NIMS, whose principal place of business is in Japan (for details, please see “9. Contact Information” above).

This annex supplements and, where applicable, modifies the provisions of the main Privacy Policy.

Article 1. Legal Basis for Processing

NIMS processes Members’ personal information in accordance with “4. Legal Basis for Processing Personal Information” of this Privacy Policy.
For further details regarding the balancing test for legitimate interests under Article 6(1)(f) of the GDPR, please contact us at the address listed in “9. Contact Information” above.

Article 2. Transfer of Personal Information Overseas

When NIMS transfers personal information subject to the GDPR to countries or regions outside the EEA or the United Kingdom, including Japan, NIMS will implement appropriate safeguards by (i) concluding the EU Standard Contractual Clauses (pursuant to Article 46(2)(c) and (5) of the GDPR) and the UK Standard Contractual Clauses approved by the UK Information Commissioner's Office (pursuant to Article 46(2)(d) of the UK GDPR) with the data recipients, or (ii) carrying out the transfer as necessary for the performance of a contract with the Member (pursuant to Article 49(1)(c) of the GDPR). Based on the historical usage of this service, the principal countries or regions to which personal information may be transferred on these grounds are China and India.
If Members wish to receive a copy of the documents related to these safeguards, please contact us at the address listed in “9. Contact Information” above.

Article 3. Rights of Members

Members have the rights set forth in “8. Rights of Members” of this Privacy Policy. If Members wish to exercise these rights, please contact us at the address listed in “9. Contact Information” of this Privacy Policy.
For information on the data protection supervisory authorities for each country or region of residence, please refer to here. In the case of the United Kingdom, the Information Commissioner’s Office (ICO) is the competent data protection supervisory authority.