Article 1(Personal Information)
"Personal Information" in this policy means "personal Information" as stipulated in the Act on the Protection of Personal Information (Act No. 57 of 2003, hereinafter referred to as the "Personal Information Protection Act") and refers to information that can identify a specific living individual by name, date of birth, or other description contained in such information or information containing a personal identification code.
Article 2(Acquisition and Use of Personal Information)
We acquire the Personal Information of Users and use such information to the extent required for the following purposes. If we intend to use Personal Information beyond the scope of the following purposes, we will obtain prior consent from the User in an appropriate manner.
- To provide our "Soudan" service (hereinafter referred to as the "Service");
- To improve or refine the content of the Service or to develop new services;
- To provide information on new features, updates, campaigns, etc. of the Service and other services offered by us (including via e-mails, flyers, and other direct mailings);
- To contact Users for maintenance of the Service, important notices, etc. as necessary;
- To respond to opinions, inquiries, etc. from the Users regarding the Service (including to confirm the identity of the User);
- To report to Users on the status of use of the Service;
- To request Users for cooperation for questionnaires and interviews, etc., and for participation in various events related to the Service, or to report the results of such questionnaires and interviews to the Users;
- To investigate and analyze the usage history of the Service and to utilize the results for the improvement and development of the Services and for the distribution of advertisements;
- To process payments and remittance of Users; and
Article 3(Management and Protection of Personal Information)
Personal Information is carefully handled and is not disclosed or provided to any third parties without the consent of Users, except in the following circumstances. In consideration of security, we will take measures to prevent and remedy risks such as unauthorized access to Personal Information, loss, destruction, falsification, and leakage of Personal Information.
- if such disclosure of Personal Information is necessary for the protection of the life, body, or property of a person and it is difficult to obtain the consent of such person;
- if such disclosure of Personal Information is essential for the improvement of public health or the enhancement of the sound growth of children, and it is difficult to obtain the consent of the User concerned;
- if it is necessary to cooperate with a national agency, a local government, or an individual or an entity entrusted thereby in the execution of the affairs prescribed by laws and regulations and if obtaining the consent of the User is likely to hinder the performance of such affairs;
- if the handling of Personal Information is entrusted in whole or in part to the extent necessary to achieve the purpose of use, in order to carry out our business smoothly;
- if such Personal Information is provided as a result of a succession of business due to a merger or otherwise;
- if such Personal Information is used jointly with a specific person, and where such fact, the items of Personal Information jointly used, the scope of the joint users, the purpose of use by the joint user, and the name of the person responsible for the handling of the Personal Information are notified or made readily accessible to the Users in advance;
- other circumstances where such disclosure of Personal Information is permitted by laws and regulations.
Article 4(Entrustment of Handling of Personal Information)
We may entrust the handling of Personal Information in whole or in part within the scope necessary to achieve the purpose of use. In such case, we will thoroughly examine the eligibility of the entrusted third party, stipulate confidentiality obligations when executing a contract, and exercise necessary and appropriate supervision over such entrusted third party.
Article 5(Disclosure of Personal Information)
When we are requested by a User (limited to the User themself; the same shall apply hereinafter in this Article) to disclose Personal Information, we will disclose such information to the User without delay. However, we may keep all or part of such information undisclosed if the disclosure falls under any of the following cases. If we decide not to disclose the information, we will promptly notify the User.
- if such disclosure is likely to harm the life, body, property, or other rights and interests of a User or a third party;
- if there is a risk of a significant hindrance to the proper execution of our business; and
- if such disclosure violates any laws and regulations.
Article 6(Correction and Deletion of Personal Information)
- If any of the Personal Information retained by us is incorrect, we will, upon the request from the User, correct or delete the Personal Information in accordance with the procedures established by us.
- If we determine that it is necessary to accept the request from the User as referred in the preceding paragraph, we will correct or delete such Personal Information without delay and notify the User of such correction or deletion.
Article 7(Discontinuation of Use of Personal Information)
If we receive any request from a User for discontinuation of the use or removal of Personal Information (hereinafter referred to as "Discontinuation") on any of the grounds below, we will conduct the necessary investigations without delay. Subject to the result of the investigation, we will discontinue the use of Personal Information following the relevant laws and regulations and notify the User to that effect; provided, however, that in cases where it is difficult to discontinue the use of Personal Information due to the large amounts of costs involved or other reasons, and alternative measures are available to protect the rights and interests of the User, we will take such alternative measures.
- if Personal Information is handled beyond the scope of the purpose of use;
- if Personal Information is obtained through fraudulent means;
- if Personal Information is used in a manner that may encourage or induce illegal or wrongful acts;
- if we no longer need to use the User's Personal Information;
- if leakage, loss, or damage (hereinafter referred to as "Leakage") of Personal Information containing special-care required Personal Information has occurred or is likely to have occurred;
- if Leakage of Personal Information that might cause property damage due to unauthorized use has occurred or is likely to have occurred;
- if Leakage of Personal Information that may have been committed with a wrongful purpose has occurred or is likely to have occurred;
- if Leakage of Personal Information involving more than one thousand (1,000) individuals has occurred or is likely to have occurred; and
- if such handling of Personal Information is likely to harm the rights or legitimate interests of the User.
Article 8(Security Control Measures)
We have implemented the following measures for the security control of Personal Information.
- Establishment of Basic Policy
- Establishment of Rules for Handling Personal Information
We have established internal rules that stipulate the handling of Personal Information at each stage, including acquisition, use, storage, provision, deletion, and disposal, etc.
- Systematic Security Control Measures
We have appointed persons in charge of handling Personal Information and designated the employees who handle Personal Information and the scope of Personal Information handled by such employees, as well as establishing a system for reporting to and communicating with the person in charge.
We also conduct regular self-inspections and perform audits by the auditing department.
- Personnel Security Control Measures
We conduct regular training on the protection of Personal Information.
Matters concerning confidentiality obligations are included in the work rules and pledges.
- Physical Security Control Measures
We have introduced access control systems and restrictions on devices brought into the office.
We have implemented measures to prevent unauthorized access to Personal Information.
We have implemented measures such as locking and encryption in order to prevent theft or loss of equipment, electronic media, documents, and others that contain Personal Information.
- Technical Security Control Measures
We have applied access control for Personal Information databases and others.
We have introduced a mechanism to protect against unauthorized access or unauthorized software from outside.
- Understanding of External Environment
When we allow a third party in a foreign country to handle Personal Information, we implement appropriate security control measures after learning the system for protecting Personal Information in the country where the third party is located.
Article 10(Compliance with Laws and Regulations)
We will comply with Japanese laws, regulations, and other norms applicable to the Personal Information we store.
Article 11(Response to Complaints and Inquiries)
We take complaints and inquiries from Users regarding the handling of Personal Information and respond to such complaints and inquiries appropriately and promptly. We will also respond promptly and appropriately to requests from Users to disclose, correct, add to, delete, refuse to use, or provide such Personal Information.
Article 12(Contact for Inquiries)
For inquiries regarding our handling of Personal Information, please contact us at:
Enacted and effective as of Aug. 21, 2022
We respect individuals’ right to privacy and comply with the GDPR and other data protection and privacy-related laws and regulations.
2.Legal Basis for Processing Personal Data
We process Personal Data only as permitted by relevant laws or regulations (in particular, the GDPR).
When we process Personal Data, we rely on at least one legal basis for lawful processing.
Below we summarize (a) the purposes for processing Personal Data, (b) the types of Personal Data, and (c) the legal basis for processing Personal Data.
|(a)Purposes for Processing Personal Data||(b)Types of Personal Data||(c)Legal Basis|
|1.Authentication and identification of users of the Services||
||Performance of the contract
|2.Provision of the Services||
||Performance of the contract|
|3.Counting of the number of users of application for providing the Services (“Application”), proper display of Application, improvement of convenience and other appropriate operation of Application, and analysis of the use of Application||
3.Sources of Personal Data
In addition to acquiring Personal Data directly from the user, we obtain Personal Data indirectly through third parties concerning the following information.
- Account information of the SNS that the user has chosen to link with the Services for user authentication.
We retrieve it through either Google/Apple at the user’s option.
- Information on the payment status of the charges for the paid content usage
We acquire this information through the subcontractor that processes payments on our behalf. We only obtain information regarding whether or not the usage fee has been paid and do not acquire any information such as the user's credit card number.
4.Sharing and Disclosing Personal Data
We share and disclose Personal Data to the following third parties under GDPR. If the third party does not store data in the EU or in Japan, we take appropriate measures in accordance with the standard contract clauses approved by the European Commission.
- Google Cloud
It is used as a hosting or another platform for providing the Services.
It is used to realize the essential functions to provide the Services as applications and to improve and analyze the application.
It is used to improve and analyze the application for providing the Services.
It is used to process payments and remit funds to vendors.
It is used for the video call functionality necessary to provide the Services.
5.Retention Period of Personal Data
We retain users' data only for as long as is necessary to achieve the purposes of processing the Personal Data. The specific retention period will be determined based on the following considerations: the purpose for acquiring and processing Personal Data, the nature of the Personal Data, and the legal or business requirement for retaining Personal Data.
6.Legal Rights of the User
The user has the following rights concerning Personal Data if specific requirements are met.
- To request access to Personal Data: The user may receive a copy of Personal Data held by us and check the status of lawful processing of Personal Data.
- To request correction of Personal Data: The user may correct relevant information if Personal Data is incomplete or inaccurate. However, we may request to prove the accuracy of the new information provided to us.
- To request deletion of Personal Data: The user may request that the relevant Personal Data be deleted if we have no legitimate reason to continue processing Personal Data. However, we may not be able to comply with the user's request if there are specific legal grounds.
- To make objections to improper Processing of Personal Data: The user may object to processing the relevant Personal Data.
- To request a restriction on the processing of Personal Data: The user may request that the processing of Personal Data be suspended.
- To request the data portability of Personal Data: The user may receive Personal Data in a structured, commonly used, and machine-readable format or request to have such data transferred to another controller without hinderance by us.
- To withdraw consent to process Personal Data: The withdrawal of consent by the user shall not affect the lawfulness of the processing carried out before such withdrawal. We may not be able to provide certain products or services to the user if the user withdraws the consent. We will advise the user if this is the case at the time of the withdrawal.
The user may lodge an objection with the data protection supervisory authority of the Member State of the user's residence. However, we would prefer to address any issues first before the user contacts the relevant supervisory authority.
7.Use by Children
We will not intentionally collect Personal Data from users under the age of 16 without the consent of a person with parental authority or other legal representatives (hereinafter referred to as "Person with Parental Authority"). If a person under 16 years of age wishes to use the Services, we will request the consent of the Person with Parental Authority in a manner specified by us.