Privacy Policy

Last Updated: 2026-04-24

Medical Software Consulting ("MSC", "we", "us", "our") respects your privacy 

and is committed to protecting the personal information you share with us 

through our website (medicalsoftwareconsulting.com) and related services, 

including MSC Regulatory Watch (watch.medicalsoftwareconsulting.com).

This Privacy Policy explains what information we collect, how we use it, 

and the rights you have regarding your personal information under applicable 

data protection laws, including the EU General Data Protection Regulation 

(GDPR), the UK GDPR, the Japanese Act on the Protection of Personal 

Information (APPI), and the California Consumer Privacy Act (CCPA/CPRA).

---

1. Data Controller

Medical Software Consulting is the data controller responsible for your 

personal information.

- Organization: Medical Software Consulting

- Representative: Yoshio Sakai

- Location: Japan

- Contact: info@medical-sc.com

---

2. Information We Collect

We collect personal information lawfully and fairly, only to the extent 

necessary for our business activities. The categories of information we 

may collect include:

Information you provide directly

- Inquiry and contact forms: name, organization, email address, and the 

  content of your message

- MSC Regulatory Watch feedback form: name, organization, email address, 

  role, jurisdiction of interest, and feedback content

- Newsletter subscription: name and email address

- Seminar or service registrations: name, organization, email address, 

  and other relevant contact details

Information collected automatically

- Website usage data via Google Analytics 4 (see Section 9)

- Server access logs, including IP address, browser type, and access 

  timestamps

---

3. How We Use Your Information

We use personal information only for the following purposes. For users 

in the EEA and the UK, the corresponding legal basis under the GDPR/UK 

GDPR is indicated:

- Responding to inquiries and feedback — Legitimate interest / Consent

- Delivering newsletters and service updates — Consent (opt-in)

- Providing consulting services — Performance of contract

- Sending invitations to seminars and events — Consent

- Complying with legal obligations — Legal obligation

- Improving our services — Legitimate interest

We do not use your personal information for automated decision-making or 

profiling. We do not use personal information for any purposes other than 

those listed above.

---

4. Sharing and Third-Party Processors

We do not sell your personal information.

We share personal information only in the following circumstances:

- With service providers who assist us in operating our services 

  (listed below)

- Where required by law or legal process

- With your explicit consent

Main third-party processors

We engage the following processors to support our services. All processors 

are bound by appropriate data protection agreements and are subject to our 

oversight.

- Brevo (Sendinblue SA, France): Newsletter email delivery

- Google LLC (United States): Analytics and document management

- XServer Inc. (Japan): Website hosting

We may engage additional processors from time to time as necessary for our 

business operations, always under appropriate supervision.

---

5. International Data Transfers

Our services are operated from Japan, and personal information is stored 

and processed primarily in Japan.

For users in the European Economic Area (EEA) and the United Kingdom: 

Japan has been recognized by the European Commission as providing an 

adequate level of data protection (Adequacy Decision, January 2019). 

Transfers of personal information to Japan therefore do not require 

additional safeguards under the EU/UK GDPR.

Where personal information is transferred to processors outside the EEA, 

UK, or Japan (such as Google LLC in the United States), we rely on 

appropriate safeguards, including Standard Contractual Clauses (SCCs) 

or adequacy decisions where applicable.

---

6. Data Retention

We retain personal information only for as long as necessary for the 

purposes for which it was collected:

- MSC Regulatory Watch feedback responses: 3 years from receipt

- Newsletter subscriber information: Until unsubscription, plus 30 days

- Consulting inquiries (no contract executed): 3 years from last contact

- Consulting inquiries (contract executed): 7 years from contract end

- Google Analytics data: 14 months (GA4 default setting)

- Server access logs: 3 months

After these periods, personal information is securely deleted or anonymized. 

Where longer retention is required by law, we retain the information for 

the applicable statutory period.

---

7. Security

We implement appropriate technical and organizational measures to protect 

personal information against unauthorized access, loss, alteration, or 

disclosure. These measures include encrypted data transmission (HTTPS/TLS), 

access controls, regular security updates, and secure credential management. 

Where we engage processors to handle personal information on our behalf, 

we exercise appropriate oversight.

However, no method of transmission over the internet or electronic storage 

is 100% secure, and we cannot guarantee absolute security.

---

8. Your Rights

Depending on your location, you have the following rights regarding your 

personal information. We will respond to verified requests within 30 days.

Rights available to all users

- Right to access your personal information

- Right to rectification of inaccurate or incomplete information

- Right to erasure ("right to be forgotten")

- Right to restrict processing

- Right to object to processing

- Right to withdraw consent (where processing is based on consent)

Additional rights for EU/UK users (GDPR/UK GDPR)

- Right to data portability

- Right not to be subject to automated decision-making

- Right to lodge a complaint with your national data protection authority

Additional rights for California residents (CCPA/CPRA)

- Right to know what personal information we collect and how it is used

- Right to delete personal information

- Right to opt out of the sale of personal information 

  (note: we do not sell personal information)

- Right to non-discrimination for exercising your privacy rights

To exercise any of these rights, please contact us at info@medical-sc.com. 

We may need to verify your identity before fulfilling your request.

---

9. Google Analytics and Cookies

Google Analytics

We use Google Analytics 4 (Measurement ID: G-YSLBR8FSGW) to understand how 

visitors interact with our website. Google Analytics uses cookies to collect 

information such as pages visited, time spent, referring website, device 

type, and approximate geographic location.

We have enabled IP address anonymization, and the data is processed on an 

aggregated basis and is not used to identify individual visitors. You can 

opt out of Google Analytics tracking by installing the 

[Google Analytics Opt-out Browser Add-on](https://tools.google.com/dlpage/gaoptout).

For details on Google's data practices, see 

[Google's Privacy Policy](https://policies.google.com/privacy).

Cookies

Our website uses cookies to improve usability and analyze traffic. A cookie 

is a small data file that websites store on your device through your 

browser.

You can refuse cookies through your browser settings, although some website 

functions may not operate properly if cookies are disabled.

---

10. Children's Privacy

Our services are directed at professionals in the medical device regulatory 

field and are not intended for individuals under 16 years of age. We do not 

knowingly collect personal information from children. If you believe we 

have inadvertently collected information from a child, please contact us 

at info@medical-sc.com.

---

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in 

our practices or applicable legal requirements. Material changes will be 

communicated through our website. The "Last Updated" date at the top of 

this policy indicates when it was most recently revised.

We comply with applicable data protection laws and regulations, including 

Japanese law and other applicable international norms, and review this 

policy periodically to ensure ongoing compliance.

---

12. Contact Us

For questions, requests, or complaints regarding this Privacy Policy or 

our handling of your personal information, please contact:

Medical Software Consulting  

Yoshio Sakai, Representative  

Email: info@medical-sc.com