ACTUAL Inc. (the “Company”) understands the importance of protecting personal information, and will observe the Act on the Protection of Personal Information (the “Act”) and endeavor to handle and protect personal information in an appropriate manner in accordance with this Privacy Policy (the “Privacy Policy”). Unless otherwise provided herein, the definitions of the terms used herein shall be in accordance with the Act.
DEFINITION OF PERSONAL INFORMATION
For the purpose of the Privacy Policy, personal information shall mean the information regarding a living individual which falls under any of the following Items:
information containing a name, date of birth or other descriptions, etc. (including any and all matters stated, recorded or otherwise expressed using voice, movement or other methods in a document, drawing or electromagnetic record) whereby a specific individual can be identified (including information which can be easily collated with other information and thereby identify a specific individual); or
information containing an individual identification code.
PURPOSE OF USE OF PERSONAL INFORMATION
The Company shall use personal information for the following purposes:
Provision of the Company’s service (the “Service”);
Notifications and responses to customer inquiries, with respect to the Service;
Announcement regarding the Company’s products or services, etc.;
Dealing with breach of the Company’s terms of use, policy, etc. (the “Terms”), with respect to the Service;
Notifications of amendment to the Terms of the Service;
Improvement of the Service and development of new service, etc. by means of analyzing the information related to the user’s usage of the Service;
(i) Labor management and the Company’s internal procedures (with respect to personal information of directors, officers and employees of the Company), and (ii) selection and contact for recruit (with respect to personal information of applicant);
Shareholder management and procedures under Companies Act and other applicable laws (with respect to personal information of shareholders, holders of share options, etc.)
Creation of statistics data which is processed so that no particular individuals shall be identified, in connection with the Service; or
other purposes related to the above purposes.
CHANGE OF PURPOSE OF USE OF PERSONAL INFORMATION
The Company may change the purpose of use of personal information to the extent that the purpose of use after the change is reasonably recognized to be related to the original purpose of use. When the purpose of use has been changed, the Company shall notify the person which can be identified by the personal information (the “Principal”) of, or publicly announce the purpose of use after the change.
USE OF PERSONAL INFORMATION
The Company shall not use personal information, without the consent of the Principal, beyond the scope necessary for the achievement of the purpose of use, unless permitted by the Act or other laws or regulations; provided, however, that this provision shall not apply if such use is:
based on laws and regulations;
necessary for the protection of the life, body or property of an individual and it is difficult to obtain the consent of the Principal;
specially necessary forimproving public health or promoting the sound growth of children and it isdifficult to obtain the consent of the Principal;
necessary for cooperating with a national government, a local government, or a person or entity entrusted thereby in executing the affairs prescribed by laws and regulations and acquisition of the consent of the Principal may impede the execution of the affairs concerned; or
cases where the Company provides personal data to an academic research institute, etc., and an academic research institute, etc. needs to handle such personal data for the purpose of academic research (including cases in which a part of the purpose of such handling is for academic research, but excluding cases in a fear of unreasonable infringement on the rights and interests of individuals).
The Company shall not use personal information in a manner that may encourage or induce illegal or unjust acts.
PROPER ACQUISITION OF PERSONAL INFORMATION
The Company shall acquire personal information by proper means, and shall not acquire it by a deception or other wrongful means.
Except in the following cases, the Company shall not acquire special care-required personal information (defined in Paragraph 3 of Article 2 of the Act) without obtaining a prior consent of the Principal.
cases where such acquisition falls under Items 1 through 4 of Article 4.1;
cases where the Company acquires special care-required personal information from an academic research institute, etc. and needs to acquire for the purpose of academic research (including cases where a part of the purpose of such acquisition is for academic research, but excluding cases in a fear of unreasonable infringement on the rights and interests of individuals.) (limited to the cases where a business operator handling personal information and such academic research institute, etc. jointly conduct academic research);
cases where the special care-required personal information is being made available to the public by the Principal, a government organization, a local government, an academic research institute, etc., a person set forth in Items of Paragraph 1 of Article 57 of the Act or other persons prescribed by the rules of the Personal Information Protection Commission;
cases where the Company acquires special care-required personal information clearly recognized from the Principal's appearance by seeing or taking pictures; or
cases where the Company receives special care-required personal information from a third party and such provision of the information by the third party falls under any of Items of Article 8.1.
When the Company receives personal information from a third party, the Company shall confirm the following matters pursuant to the rules of the Personal Information Protection Commission, except where such provision of the personal information by the third party falls under any of Items of Article 4.1 or any of Items of Article 8.1.
the name or appellation and address of the third party and, for a corporate body, the name of its representative (for a non-corporate body having appointed a representative or administrator, such representative or administrator)
circumstances under which the personal information was acquired by the third party
SECURITY CONTROL OF PERSONAL INFORMATION
The Company shall sufficiently and appropriately supervise the Company’s employees to ensure the security control of personal information against the risk of loss, destruction, alteration or leakage. When the Company entrusts a third party with the handling of personal information in whole or in part, the Company shall sufficiently and appropriately supervise the third party to ensure the security control of personal information. Specific details of security control measures respect to the retained personal data is as follows.
To ensure the accurate handling of personal data the Company establishes this Privacy Policy as its basic policy regarding "compliance with related laws and guidelines", "contact for questions and complaints", etc.
Maintenance of rules respect to handling personal data
The Company establishes basic rules for handling personal data in case of acquisition, use and storage, etc.
Systematic security control measures
A responsible person confirms whether personal data is handled along with maintained handling rules.
The Company maintains there port and contact system to a responsible person from an employee.
Human security management measures
The Company provides regular training for employees on matters to be considered in handling personal data.
The Company lists matters regarding confidentiality of personal data in employment regulations.
Physical security management measures
The Company takes measures to prevent persons excluding employees authorized to handle personal data and the Principal from easily viewing personal data.
The Company takes measures to prevent theft or loss of equipment, digital media, documents, etc. that handle personal data, and to prevent personal data from being easily discovered when such equipment, digital media, etc. are carried, including during transportation within the place of business.
Technical security management measures
The Company clarifies devices which access to personal data and employees who handle the devices and prevents unnecessary access to personal data.
The Company installs mechanisms to protect equipment that handle personal data from unauthorized external access or unauthorized software.
Understanding the external environment
The Company implements security management measures after understanding the system regarding the [ ] country where the Company store personal data.
REPORTING, ETC. IN CASE OF LEAKAGE
TheCompany shall report to the Personal Information Protection Commission and notify the Principal in cases where such reporting and notifying shall be needed because of the event of leakage, loss, damage, etc. of personal information handled by the Company in accordance with the provisions of the Act.
PROVISION TO A THIRD PARTY
The Company shall not provide personal information to a third party without the prior consent of the Principal, except where such provision falls under any of Items of Article 4.1; provided, however, that the following cases shall not be regarded as the provision to a third party:
Cases where the Company provides personal information accompanied by entrustment to a third party with the handling of personal information within the scope necessary for the achievement of the purpose of use;
Cases where personal information is provided as a result of the succession of business in a merger or otherwise; or
Cases where personal information is used jointly with others in accordance with the provisions of the Act.
Notwithstanding Article 8.1, incases where the Company provides personal information to a third party(excluding a party establishing a system conforming to the standards specified by the rules of the Personal Information Protection Commission based on Article28 of the Act) in a foreign country (excluding countries specified by the rules of the Personal Information Protection Commission based on Article 28 of theAct), the Company shall obtain the Principal's prior consent to the effect that the Principal approves the provision to a third party in a foreign country, except where such provision falls under any of Items of Article 4.1.
When obtaining the consent of the Principal to provide personal information to a third party in a foreign country in accordance with Section 8.2, the following information shall be provided to the Principal; provided, however, that in cases where the item (1)cannot be specified, the Company shall provide, in lieu of the items (1) and(2), the fact that the item (1) cannot be specified and the reason there for, and any information that can be used as a reference for the Principal in lieu of the item (1).
Name of the foreign country
Information on the system for the protection of personal information in the foreign country
Information on measures taken by the third party to protect personal information (if such information cannot be provided, a statement to that effect and the reason)
When the Company has provided personal information to a third party, the Company shall make and maintain a record pursuant to Article29 of the Act.
When the Company receives personal information from a third party, the Company shall conduct necessary confirmation pursuant to Article 30 of the Act, and make and maintain a record concerning such confirmation.
DISCLOSURE OF PERSONAL INFORMATION
In cases where the Company is requested by a customer to disclose the personal information under the Act, the Company shall, after confirming that the request is made by the Principal itself, disclose the personal information to the Principal without delay (in cases where the Company does not have such personal information, the Company shall notify the Principal to that effect); provided, however, that this provision shall not apply to cases where the Company is not obliged to disclose such personal information under the Act or other laws or regulations.
The preceding paragraph shall apply mutatis mutandis to records of provision to third parties made in accordance with Section 8.4 and records of provision from third parties made in accordance with Section 8.5 with respect to personal information that identifies the Principal.
CORRECTION,ETC. OF PERSONAL INFORMATION
In cases where the Company is requested by the Principal to correct, add or delete the personal information under the Act on the ground that such personal information is contrary to the fact, the Company shall, after confirming that the request is made by the Principal itself, conduct a necessary investigation without delay within the scope necessary for the achievement of the purpose of use, and on the basis of the result, correct, add or delete the personal information and notify the Principal to that effect (in cases where the Company decides not to make such correction, addition or deletion, the Company shall notify the Principal to that effect); provided, however, that this provision shall not apply to cases in which the Company is not obliged to make such correction, addition or deletion under the Act or other laws or regulations.
DISCONTINUANCE OF THE USE, ETC. OF PERSONAL INFORMATION
Incases where the Company is (i) requested by the Principal to discontinue using or to erase the personal information under the Act on the ground that such personal information is being handled beyond the purpose of use publicly announced in advance or is being handled by measures which may facilitate or induce illegal or unjust act or has been acquired by a deception or other wrongful means, or (ii) requested by the Principal to discontinue providing the personal information under the Act on the ground that such personal information is provided to a third party without the Principal’s consent, or (iii) requested by the Principal to cease use or provision of the personal information under the Act on the ground that it has become unnecessary for the Company to utilize personal information or a situation prescribed in the main clause of Article 26paragraph 1 of the Act has occurred or the handling of the personal information of the Principal is likely to harm the rights or legitimate interests of the Principal and where it is found that the request has a reason, the Company shall, after confirming that the request is made by the Principal itself, discontinue the use of or erase the personal information, or discontinue the provision of the personal information, without delay and shall notify the Principal to that effect; provided, however, that this provision shall not apply to cases in which theCompany is not obliged to make such discontinuance of use or erasure, or discontinuance of provision, under the Act or other laws or regulations.
THIRD PARTY PROVISION OF PERSONALLY REFERABLE INFORMATION
In case where the Company assumes that such third party acquires personally referable information (which means what is set forth in Article 2, Paragraph 7 of the Act and is limited to those that constitute the personally referable information database, etc. set forth inArticle 16, Paragraph 7 of the Act; The same applies hereinafter.) as personal data, the Company, except any of Items of Article 4.1, shall not provide a personally referable information to the third party without confirming those matters set forth in the following in advance under the rules of the Personal InformationProtection Commission.
The Principal’s consent to the effect that the Principal approves that the third party acquires personally referable information, as personal data that can identify the Principal, that is provided from the Company, has been obtained.
For a provision to a third party in a foreign country, in case of intending to obtain the Principal’s consent referred to in the preceding item, pursuant to rules of the Personal InformationProtection Commission, information on the personal information protection system of the foreign country, on the measures the third party takes for the protection of personal information, and other information that is to serve as a reference to the Principal, have been provided in advance to the Principal.
The Company shall produce and store the record according with Article 31 of the Act when the Company provides personally referable information pursuant to the provisions of the preceding paragraph.
The Company shall make necessary confirmation and shall produce and store the record in according with the Act when theCompany acquires personally referable information as personal data from the third party.
TREATMENT OF PSEUDONYMOUSLY PROCESSED INFORMATION
The Company shall process personal information pursuant to the standards set forth in the provisions of the rules of the Personal Information Protection Commission when the Company produce pseudonymously processed information (it means what set forth in Article 2, Paragraph 5 of theAct, and is limited to what constitute the pseudonymously processed information database, etc. set forth in Article 16, Paragraph 5 of the Act; The same shall apply hereinafter.).
When the Company has produced pseudonymously processed information or has acquired pseudonymously processed information and deleted information, etc. regarding pseudonymously processed information(it means what set forth in Article 41, Paragraph 2 of the Act; The same shall apply hereinafter.), the Company shall take measures for the security control of deleted information, etc. in accordance with the standards prescribed by the rules of the Personal Information Protection Commission as needed to prevent leak of deleted information, etc..
The Company shall subject to the following items regarding pseudonymously processed information (it is limited to personal information; The same shall apply hereinafter in Article of13.3)
Notwithstanding Article4.1, the Company shall not use personal information beyond the scope necessary for the achievement of the purpose of use without based on laws and regulations.
With regard to applying Article 3 regarding pseudonymously processed information, the phrase “TheCompany may change the purpose of use of personal information to the extent that the purpose of use after the change is reasonably recognized to be related to the original purpose of use” is deemed to be replaced with “The Company may change the purpose of use of personal information” and the phrase “the Company shall notify the person which can be identified by the personal information(the “Principal”) of, or publicly announce the purpose of use after the change”is deemed to be replaced with “the Company shall publicly announce the purpose of use after the change”.
Notwithstanding from Article 8.1 to Article 8.3, the Company shall not provide personal data which is pseudonymously processed information to the third party without based on laws and regulations; provided, however, that the cases listed in any of items of Article 8.1 is not provision to the third party as stipulated above.
In case where the Company handles pseudonymously processed information, the Company shall not collate the pseudonymously processed information with other information to identify the Principal regarding personal information that is used for producing the pseudonymously processed information.
In case where theCompany handle pseudonymously processed information, the Company shall not use contact information and other information including pseudonymously processed information to call, to send by mail or letter, to send telegrams, to transmit by facsimile or electromagnetic means, or to visit Principal’s residence.
Article 7 and fromArticle 9 to Article 11 shall not be applied regarding pseudonymously processed information.
TREATMENT OF ANONYMOUSLY PROCESSED INFORMATION
When the Company produces anonymously processed information (defined in Paragraph 6 of Article 2 of the Act and limited to those constituting anonymously processed information database, etc. prescribed in Paragraph 6 of Article 16 of the Act; hereinafter the same shall apply), theCompany shall process personal information in accordance with the standards prescribed by the rules of the Personal Information Protection Commission.
When the Company has produced anonymously processed information, the Company shall take measures for the security control in accordance with the standards prescribed by the rules of the Personal InformationProtection Commission.
When The Company has produced anonymously processed information, the Company shall disclose to the public the items of information relating to the individuals contained in the anonymously processed information pursuant to the rules of the Personal Information ProtectionCommission.
When the Company provides a third party with the anonymously processed information (including the same produced by theCompany and the same received by the Company from a third party; here in after the same shall apply unless otherwise provided in the Privacy Policy), theCompany shall disclose to the public the items of information concerning the individuals contained in the anonymously processed information to be provided to a third party and the method of provision thereof, and state to the third party explicitly that the information being provided is anonymously processed information, in advance pursuant to the rules of the Personal InformationProtection Commission.
When the Company handles the anonymously processed information, the Company shall not (1) collate the said anonymously processed information with other information, or (2) acquire descriptions, etc.or individual identification codes deleted from personal information, or information relating to the processing method carried out pursuant to Paragraph 1 of Article43 of the Act ((2) shall be applied only to the anonymously processed information provided by a third party) in order to identify the individuals concerned with the personal information used to produce the anonymously processed information.
The Company shall make efforts to take measures necessary to ensure the proper handling of the anonymously processed information, including measures necessary and appropriate for the security control of the anonymously processed information and dealing with complaints about the handling, including producing, of the anonymously processed information, and make efforts to disclose to the public the content of such measures taken.
USE OF COOKIES AND OTHER TECHNOLOGIES
Cookies or similar technologies may be used in the Company’s service. Such technologies help the Company to recognize the status of use of the Company’s service, etc. and contribute improvement of the service. When a user intends to disable cookies, the user may disable cookies by changing the web browser’s settings. Please note that when cookies are disabled, apart of the service may be unavailable.
On the Company’s website, theCompany uses Google Analytics, a service provided by Google, Inc. to track the use of such website by its visitors. Please refer to the following link for a description of how data is collected and processed by Google Analytics.
https://www.google.com/intl/ja/policies/privacy/partners
CONTACT
With respect to requests for disclosure, etc., comments, questions, complaints and other inquiries regarding the handling of personal information, please contact the following.
ACTUAL Inc.
E-mail :hello@actu-al.co
CONTINUOUS IMPROVEMENT
TheCompany shall endeavor to review timely the status of the operation regarding handling of personal information and to improve such operation continuously. The Company may amend this Privacy Policy as necessary.