1. Introduction

Yurai is committed to protecting the privacy and personal data of its website visitors, prospects, clients, and professional contacts.This Privacy Policy explains how personal data may be collected, processed, stored, and protected when interacting with:

• the Yurai website
• contact forms and business communications
• consulting, audit, and advisory services
• administrative and billing activities
• internal tools used by Yurai

Yurai operates as a consulting and advisory firm. Personal data processing is therefore limited to what is necessary for professional interactions, advisory activities, and legal obligations.

Yurai does not operate advertising platforms, data brokerage services, or large‑scale data profiling systems.

By using our website, you hereby consent to this Privacy Policy and agree to its terms.

2. Data Controller

Data Controller: Yurai GK
Kurobe Toyama Japan

Contact: dp[-at mark-]yuraigroup[-dot-]com

3.2 Professional Information

• Professional contact information
• Publicly available professional information
• Information exchanged in a professional context

3.3 Technical Data

When accessing the website or communication systems:

• IP address
• connection metadata
• basic browser or device information necessary for security or operation

3.4 Professional Organisational Data

During advisory engagements, Yurai may process organisational information such as:

• governance structures
• operational processes
• organisational information shared during advisory discussions

This information is used strictly for advisory purposes.

4. Infrastructure and Systems Used

Yurai operates a hybrid infrastructure combining internal systems and external service providers.

4.1 Internal Infrastructure — Japan

Certain systems are operated directly by Yurai in Japan, including:

• CRM systems
• ERP systems
• internal note‑taking systems
• workflow tools
• locally hosted AI agents
• monitoring and security systems (EDR / XDR)

These systems are used exclusively for the purposes of Yurai’s professional activities, including the performance of consulting, audit, analysis, summarization, and preliminary assessment activities.

4.2 Cloud infrastructure
Infomaniak Infrastructure — Switzerland

Yurai uses services provided by Infomaniak Network SA, located in Switzerland, including:

• website hosting
• KSuite email services
• KChat/Kmeet collaboration tools
• KDrive file storage
• KDocs office tools

These services operate under Swiss data protection standards.

Accounting Platform — Japan

For accounting and invoicing purposes, Yurai uses: MoneyForward Cloud (Japan)

4.3 Social Media Platforms

Yurai may interact with individuals through professional networking platforms including:

• LinkedIn
• Facebook

 When communication occurs through these platforms, data processing is also governed by the privacy policies of those platforms.

5. Purposes of Processing

5.1 Client Acquisition and Business Development

Yurai may process personal data in order to:

• respond to contact requests
• evaluate potential collaborations
• conduct professional outreach
• understand organisational needs

Systems used may include:

• CRM (Japan)
• ERP (Japan)
• locally hosted AI agents (Japan)
• internal note‑taking systems
• workflow systems
• website infrastructure (Switzerland)
• KSuite services (Switzerland)
• social networks such as LinkedIn or Facebook

Data processed may include:

• name and surname
• email address
• company
• professional role
• publicly available professional information
• IP address

5.2 Audit, Advisory, and Consulting Activities

During advisory engagements, Yurai may process professional data exchanged with clients.Systems used may include:

• internal note‑taking systems (Japan)
• KSuite services (Switzerland)
• KChat collaboration tools, including recording,  (Switzerland with possible local storage in Japan)
• Office tools (local and KSuite)
• locally hosted AI assistants
• email systems

Personal data processed may include:

• name and surname
• email address
• company
• professional role
• IP address

Professional organisational data processed may include governance or operational information shared during advisory work.Third‑party access may occur for infrastructure maintenance or technical support through Infomaniak and its partners.

5.3 Administration, Billing and Accounting

Personal data may also be processed for invoicing, accounting, and legal compliance.Systems used may include:

• internal ERP systems (Japan)
• MoneyForward Cloud accounting platform (Japan)* include AI assistant
• KSuite services (Switzerland)
• Office tools (local and KSuite)
• email systems

Personal data processed may include:

• name and surname
• email address
• company
• professional role
• professional contact details
• IP address

Professional data processed may include:

• invoice information
• services delivered
• payment amounts
• banking information required for transactions

Third‑party transmission may occur to:

• banking institutions (Japan or the client country)
• Infomaniak infrastructure providers
• Japanese tax authorities where legally required
• accounting or fiduciary partners in Japan

Special cases

5.4 Cookies

Yurai uses "cookies", which are small data files placed on your device only if your browser settings permit. These cookies may include information such as a unique identifier, previously visited sub‑pages of this website, or other technical information necessary for website operation.Types of cookies that may be used include:

• session cookies
• security cookies
• preference cookies

Tracking cookies are avoided whenever possible. The website may only use minimal technical cookies required for functionality, security, and operational purposes.You may refuse the use of cookies during your first visit to the website. Cookies can also be disabled or deleted at any time through your browser settings.This website does not change its data collection and use practices when your browser sends a "Do Not Track" signal.

5.5 Log Files

Following standard procedures for log file usage, our systems may automatically record visits when you access our systems or the one of our service providers. Log files may include information such as:

• browser type
• IP address
• ISP
• time zone
• timestamps
• referring or exit pages
• number of clicks

These data are used to analyse trends, administer the website, monitor usage patterns, and gather general demographic information. These data are not linked to personally identifiable information.While browsing the website, we may also collect technical information about the sub‑pages you visit.We may use statistical or analytics services to better understand how the website is used and to improve its operation. Each of these services operates under its own privacy policy, which can be consulted directly on the respective provider's website.Third‑party transmission may occur when necessary to:

• Infomaniak infrastructure and website partners
• social network platforms when interactions occur through those platforms
• authorities when legally required

5.6 Communications

We may communicate with you by email or telephone in response to your requests or to provide information related to services offered by Yurai based on the personal information you provide.Where consent has been obtained, we may also send updates or service‑related communications.If you no longer wish to receive such communications, you may opt out at any time by following the instructions included in the relevant communication.

6. Legal Basis for Processing

Yurai processes personal data based on one or more of the following legal bases:

Legitimate Business Interest

Professional communication, responding to inquiries, and managing consulting relationships.

Contractual Necessity

Processing required for delivering advisory services, executing agreements, and managing billing.

Legal Obligations

Processing required to comply with accounting, tax, and regulatory requirements.

7. International Data Transfers

Due to the infrastructure used by Yurai, personal data may be processed in multiple jurisdictions including:

• Japan (internal infrastructure and accounting systems)
• Switzerland (Infomaniak services)
• other jurisdictions when interacting through international platforms such as LinkedIn or Facebook

These transfers occur only when necessary for the services used.

8. Data Security

Yurai implements reasonable technical and organisational security measures including:

• encryption where available
• network segmentation using VLANs
• dedicated operating systems for infrastructure services
• endpoint monitoring systems (EDR / XDR)
• regular security patching
• backups stored on external media

Despite these measures, no digital system can guarantee absolute protection against cyber incidents.

9. Use of Artificial Intelligence

Yurai may use locally hosted artificial intelligence tools to assist internal operations, including:

• structuring documentation
• summarising notes
• supporting analysis during advisory and audit activities

These systems are used as assistance tools. Final analysis, judgement, and decisions always remain under human responsibility.

AI systems used by Yurai are hosted locally within Yurai infrastructure in Japan whenever possible. When data is used to improve internal AI models, datasets are anonymised or transformed to remove personal identifiers whenever reasonably possible.

Third-party AI services are used only for Yurai’s own internal purposes (for example research, drafting assistance, or internal productivity tasks) and not for processing client data unless appropriate safeguards are applied.

Yurai does not use client personal data to train external AI models or third‑party AI services.

10. Professional Confidentiality

Information exchanged with Yurai during advisory, consulting, or audit activities may include sensitive organisational information.Yurai treats such information with professional confidentiality and limits access to what is necessary for the performance of advisory services.Confidentiality obligations apply to internal systems, documentation, and communication tools used by Yurai.

11. Data Sharing and Sale of Data

The sale of personal data is not part of Yurai's business model.Yurai does not sell, rent, or trade personal data. Data sharing occurs only when necessary with:

• infrastructure providers
• professional service partners
• financial institutions
• authorities when legally required

11.1 Business Transfers

In the event that Yurai, or substantially all of its assets, are acquired, or if Yurai GK goes out of business, is liquidated, or enters bankruptcy proceedings, personal information may be considered part of the business assets transferred to or acquired by a third party.

In such a situation, personal information may be transferred to the acquiring entity, which may continue to process that information in accordance with this Privacy Policy and applicable laws.

By interacting with Yurai or using the Yurai website, you acknowledge and consent that such transfers may occur.

12. Data Breach and Security Incidents

In the event of a security incident affecting personal data, Yurai will take reasonable steps to:

• investigate the incident
• review the situation and determine appropriate actions
• notify relevant parties where required by applicable law

13. Data Retention

Personal data is retained only as long as necessary to:

• manage professional relationships
• provide advisory services
• comply with legal and accounting obligations

Data may be periodically deleted when no longer relevant.

14. User Rights

Depending on applicable laws, individuals may have the right to:

• request access to their personal data
• request correction of inaccurate data
• request deletion where legally possible
• object to certain processing activities

Requests may be submitted to:

dp[-at mark-]yuraigroup[-dot-]com

15. Changes to This Policy

This Privacy Policy may be updated periodically to reflect changes in infrastructure, regulations, or operational practices.The most recent version will always be available on the Yurai website.