PRIVACY POLICY

Privacy policy

ITO Technologies, Inc. (hereinafter referred to as the "We," "Us," or "Our") has established the following Privacy Policy regarding the handling of Personal Information of users of our services (hereinafter referred to as the "User"). We promote the protection of Personal Information by establishing a system to protect Personal Information and ensuring that all employees are fully aware of the importance of protecting Personal Information and thoroughly implement such measures.

Article 1(Personal Information)

"Personal Information" in this policy means "personal Information" as stipulated in the Act on the Protection of Personal Information (Act No. 57 of 2003, hereinafter referred to as the "Personal Information Protection Act") and refers to information that can identify a specific living individual by name, date of birth, or other description contained in such information or information containing a personal identification code.

Article 2(Acquisition and Use of Personal Information)

We acquire the Personal Information of Users and use such information to the extent required for the following purposes. If we intend to use Personal Information beyond the scope of the following purposes, we will obtain prior consent from the User in an appropriate manner.

  1. To provide our "Soudan" service (hereinafter referred to as the "Service");
  2. To improve or refine the content of the Service or to develop new services;
  3. To provide information on new features, updates, campaigns, etc. of the Service and other services offered by us (including via e-mails, flyers, and other direct mailings);
  4. To contact Users for maintenance of the Service, important notices, etc. as necessary;
  5. To respond to opinions, inquiries, etc. from the Users regarding the Service (including to confirm the identity of the User);
  6. To report to Users on the status of use of the Service;
  7. To request Users for cooperation for questionnaires and interviews, etc., and for participation in various events related to the Service, or to report the results of such questionnaires and interviews to the Users;
  8. To investigate and analyze the usage history of the Service and to utilize the results for the improvement and development of the Services and for the distribution of advertisements;
  9. To process payments and remittance of Users; and
  10. To identify Users who have violated the Terms of Use or who attempt to use the Service for unauthorized or wrongful purposes and to refuse their use of the Service.

Article 3(Management and Protection of Personal Information)

Personal Information is carefully handled and is not disclosed or provided to any third parties without the consent of Users, except in the following circumstances. In consideration of security, we will take measures to prevent and remedy risks such as unauthorized access to Personal Information, loss, destruction, falsification, and leakage of Personal Information.

  1. if such disclosure of Personal Information is necessary for the protection of the life, body, or property of a person and it is difficult to obtain the consent of such person;
  2. if such disclosure of Personal Information is essential for the improvement of public health or the enhancement of the sound growth of children, and it is difficult to obtain the consent of the User concerned;
  3. if it is necessary to cooperate with a national agency, a local government, or an individual or an entity entrusted thereby in the execution of the affairs prescribed by laws and regulations and if obtaining the consent of the User is likely to hinder the performance of such affairs;
  4. if the handling of Personal Information is entrusted in whole or in part to the extent necessary to achieve the purpose of use, in order to carry out our business smoothly;
  5. if such Personal Information is provided as a result of a succession of business due to a merger or otherwise;
  6. if such Personal Information is used jointly with a specific person, and where such fact, the items of Personal Information jointly used, the scope of the joint users, the purpose of use by the joint user, and the name of the person responsible for the handling of the Personal Information are notified or made readily accessible to the Users in advance;
  7. other circumstances where such disclosure of Personal Information is permitted by laws and regulations.

Article 4(Entrustment of Handling of Personal Information)

We may entrust the handling of Personal Information in whole or in part within the scope necessary to achieve the purpose of use. In such case, we will thoroughly examine the eligibility of the entrusted third party, stipulate confidentiality obligations when executing a contract, and exercise necessary and appropriate supervision over such entrusted third party.

Article 5(Disclosure of Personal Information)

When we are requested by a User (limited to the User themself; the same shall apply hereinafter in this Article) to disclose Personal Information, we will disclose such information to the User without delay. However, we may keep all or part of such information undisclosed if the disclosure falls under any of the following cases. If we decide not to disclose the information, we will promptly notify the User.

  1. if such disclosure is likely to harm the life, body, property, or other rights and interests of a User or a third party;
  2. if there is a risk of a significant hindrance to the proper execution of our business; and
  3. if such disclosure violates any laws and regulations.

Article 6(Correction and Deletion of Personal Information)

  1. If any of the Personal Information retained by us is incorrect, we will, upon the request from the User, correct or delete the Personal Information in accordance with the procedures established by us.
  2. If we determine that it is necessary to accept the request from the User as referred in the preceding paragraph, we will correct or delete such Personal Information without delay and notify the User of such correction or deletion.

Article 7(Discontinuation of Use of Personal Information)

If we receive any request from a User for discontinuation of the use or removal of Personal Information (hereinafter referred to as "Discontinuation") on any of the grounds below, we will conduct the necessary investigations without delay. Subject to the result of the investigation, we will discontinue the use of Personal Information following the relevant laws and regulations and notify the User to that effect; provided, however, that in cases where it is difficult to discontinue the use of Personal Information due to the large amounts of costs involved or other reasons, and alternative measures are available to protect the rights and interests of the User, we will take such alternative measures.

  1. if Personal Information is handled beyond the scope of the purpose of use;
  2. if Personal Information is obtained through fraudulent means;
  3. if Personal Information is used in a manner that may encourage or induce illegal or wrongful acts;
  4. if we no longer need to use the User's Personal Information;
  5. if leakage, loss, or damage (hereinafter referred to as "Leakage") of Personal Information containing special-care required Personal Information has occurred or is likely to have occurred;
  6. if Leakage of Personal Information that might cause property damage due to unauthorized use has occurred or is likely to have occurred;
  7. if Leakage of Personal Information that may have been committed with a wrongful purpose has occurred or is likely to have occurred;
  8. if Leakage of Personal Information involving more than one thousand (1,000) individuals has occurred or is likely to have occurred; and
  9. if such handling of Personal Information is likely to harm the rights or legitimate interests of the User.

Article 8(Security Control Measures)

We have implemented the following measures for the security control of Personal Information.

  1. Establishment of Basic Policy
    We have published a Personal Information Protection Policy (Privacy Policy) that incorporates compliance with Personal Information Protection Act and the continuous improvement measures.
  2. Establishment of Rules for Handling Personal Information
    We have established internal rules that stipulate the handling of Personal Information at each stage, including acquisition, use, storage, provision, deletion, and disposal, etc.
  3. Systematic Security Control Measures
    We have appointed persons in charge of handling Personal Information and designated the employees who handle Personal Information and the scope of Personal Information handled by such employees, as well as establishing a system for reporting to and communicating with the person in charge.
    We also conduct regular self-inspections and perform audits by the auditing department.
  4. Personnel Security Control Measures
    We conduct regular training on the protection of Personal Information.
    Matters concerning confidentiality obligations are included in the work rules and pledges.
  5. Physical Security Control Measures
    We have introduced access control systems and restrictions on devices brought into the office.
    We have implemented measures to prevent unauthorized access to Personal Information.
    We have implemented measures such as locking and encryption in order to prevent theft or loss of equipment, electronic media, documents, and others that contain Personal Information.
  6. Technical Security Control Measures
    We have applied access control for Personal Information databases and others.
    We have introduced a mechanism to protect against unauthorized access or unauthorized software from outside.
  7. Understanding of External Environment
    When we allow a third party in a foreign country to handle Personal Information, we implement appropriate security control measures after learning the system for protecting Personal Information in the country where the third party is located.

Article 9(Procedures for Changing Privacy Policy)

We will review and improve the content of this Privacy Policy from time to time. The contents of this Privacy Policy may be changed except for matters otherwise stipulated by laws and regulations or in this Policy. The revised Privacy Policy shall take effect when it is notified to Users or posted on our website in the manner prescribed by us.

Article 10(Compliance with Laws and Regulations)

We will comply with Japanese laws, regulations, and other norms applicable to the Personal Information we store.

Article 11(Response to Complaints and Inquiries)

We take complaints and inquiries from Users regarding the handling of Personal Information and respond to such complaints and inquiries appropriately and promptly. We will also respond promptly and appropriately to requests from Users to disclose, correct, add to, delete, refuse to use, or provide such Personal Information.

Article 12(Contact for Inquiries)

For inquiries regarding our handling of Personal Information, please contact us at:

ITO Technologies, Inc.
Mizunobu Building 7F, 1-11-1 Kita Saiwai, Nishi-ku, Yokohama, Kanagawa
E-mail: support+soudan@ito-technologies.com
Website: https://ito-technologies.com/

Enacted and effective as of Aug. 21, 2022

GDPR Privacy Policy

This Privacy Policy only applies to the processing of personal data subject to the EU General Data Protection Regulation 2016/679 and the UK General Data Protection Regulation (hereinafter collectively referred to as “GDPR”).

1.Purpose of this Privacy Policy

This Privacy Policy applies to the "Soudan Service" and other services (hereinafter referred to as "Services") provided by ITO Technologies, Inc. (hereinafter referred to as the "We," Us," "Our," or "Our Company"), and the purpose of this policy is to outline how we process (e.g., collect, use, store, and disclose by transmission) personal data of identified or identifiable users of the Services located in the EEA and the UK(hereinafter referred to as "Personal Data") in the course of managing, operating or providing the Services as a data controller.

We respect individuals’ right to privacy and comply with the GDPR and other data protection and privacy-related laws and regulations.

2.Legal Basis for Processing Personal Data

We process Personal Data only as permitted by relevant laws or regulations (in particular, the GDPR).

When we process Personal Data, we rely on at least one legal basis for lawful processing.

Below we summarize (a) the purposes for processing Personal Data, (b) the types of Personal Data, and (c) the legal basis for processing Personal Data.

(a)Purposes for Processing Personal Data (b)Types of Personal Data (c)Legal Basis
1.Authentication and identification of users of the Services
  • User ID assigned by us to an individual user
  • The username that the user chooses to use for the Services
  • Full name
  • Address
  • Banking account information
  • Type of external social networking service and account information used by the user for user authentication
  • Country of residence
  • Age
  • Date of birth
  • Sex
e.g.
Performance of the contract
Legitimate interest
2.Provision of the Services
  • Information about the device used by the user (including a device identifier, operating systems, etc.)
  • IP address
  • Information about the user's settings within the Service, the user's activities and results, and other information about the user's usage of the Service
  • Balance of prepaid 'Coins' held
  • Information on whether a payment has been completed
Performance of the contract
3.the sale and distribution of prepaid 'Coins'
  • Information about the device used by the user (including a device identifier, operating systems, etc.)
  • IP address
  • Balance of prepaid 'Coins' held
  • Information on whether a payment has been completed
Performance of the contract
4.Counting of the number of users of application for providing the Services (“Application”), proper display of Application, improvement of convenience and other appropriate operation of Application, and analysis of the use of Application
  • IP address
  • Cookie or identifier using equivalent technology of cookie
Legitimate interest

3.Sources of Personal Data

In addition to acquiring Personal Data directly from the user, we obtain Personal Data indirectly through third parties concerning the following information.

  1. Account information of the SNS that the user has chosen to link with the Services for user authentication.
    We retrieve it through either Google/Apple at the user’s option.
  2. Information on the payment status of the charges for the paid content usage
    We acquire this information through the subcontractor that processes payments on our behalf. We only obtain information regarding whether or not the usage fee has been paid and do not acquire any information such as the user's credit card number.

4.Sharing and Disclosing Personal Data

We share and disclose Personal Data to the following third parties under GDPR. If the third party does not store data in the EU or in Japan, we take appropriate measures in accordance with the standard contract clauses approved by the European Commission.

  1. Google Cloud
    It is used as a hosting or another platform for providing the Services.
    The privacy policy for Google is as follows:
    https://policies.google.com/privacy
  2. Firebase
    It is used to realize the essential functions to provide the Services as applications and to improve and analyze the application.
    The privacy policy for Firebase is as follows:
    https://firebase.google.com/support/privacy
  3. Sentry
    It is used to improve and analyze the application for providing the Services.
    The privacy policy for Sentry is as follows:
    https://sentry.io/privacy/
  4. Stripe
    It is used to process payments and remit funds to vendors.
    The privacy policy for Stripe is as follows:
    https://stripe.com/en-jp/privacy
  5. Twilio
    It is used for the video call functionality necessary to provide the Services.
    The privacy policy for Twilio is as follows:
    https://www.twilio.com/ja/legal/privacy

5.Retention Period of Personal Data

We retain users' data only for as long as is necessary to achieve the purposes of processing the Personal Data. The specific retention period will be determined based on the following considerations: the purpose for acquiring and processing Personal Data, the nature of the Personal Data, and the legal or business requirement for retaining Personal Data.

6.Legal Rights of the User

The user has the following rights concerning Personal Data if specific requirements are met.

  1. To request access to Personal Data: The user may receive a copy of Personal Data held by us and check the status of lawful processing of Personal Data.
  2. To request correction of Personal Data: The user may correct relevant information if Personal Data is incomplete or inaccurate. However, we may request to prove the accuracy of the new information provided to us.
  3. To request deletion of Personal Data: The user may request that the relevant Personal Data be deleted if we have no legitimate reason to continue processing Personal Data. However, we may not be able to comply with the user's request if there are specific legal grounds.
  4. To make objections to improper Processing of Personal Data: The user may object to processing the relevant Personal Data.
  5. To request a restriction on the processing of Personal Data: The user may request that the processing of Personal Data be suspended.
  6. To request the data portability of Personal Data: The user may receive Personal Data in a structured, commonly used, and machine-readable format or request to have such data transferred to another controller without hinderance by us.
  7. To withdraw consent to process Personal Data: The withdrawal of consent by the user shall not affect the lawfulness of the processing carried out before such withdrawal. We may not be able to provide certain products or services to the user if the user withdraws the consent. We will advise the user if this is the case at the time of the withdrawal.

The user may lodge an objection with the data protection supervisory authority of the Member State of the user's residence. However, we would prefer to address any issues first before the user contacts the relevant supervisory authority.

7.Use by Children

We will not intentionally collect Personal Data from users under the age of 16 without the consent of a person with parental authority or other legal representatives (hereinafter referred to as "Person with Parental Authority"). If a person under 16 years of age wishes to use the Services, we will request the consent of the Person with Parental Authority in a manner specified by us.

8.Contact Information

Please contact us below if you have any questions or inquiries regarding this Privacy Policy.

ITO Technologies, Inc.
Mizunobu Building 7F, 1-11-1 Kita Saiwai, Nishi-ku, Yokohama City, Kanagawa Prefecture
E-mail: support+soudan@ito-technologies.com
Website: https://ito-technologies.com/

9.Updates to the Privacy Policy

We may update this Privacy Policy from time to time. The latest version is available on our website.