UPWARD, Inc. (hereinafter referred to as "the Company") has established the following privacy policy and constructed a framework for personal information protection (personal information protection management system). By ensuring that all employees recognize the importance of personal information protection and implement these measures, we will promote the protection of personal information.
1. Acquisition, Use, and Provision of Personal Information
We recognize that personal information is an important asset of individuals and will appropriately acquire, use, and provide personal information in light of the fact that we are engaged in the business of providing cloud services and applications, where the handling of personal information is essential. When acquiring personal information, we will specify the purpose of use to the greatest extent possible and endeavor to use legal and fair means.
We will acquire personal information in the following cases:
(1) When a customer enters personal information himself/herself in connection with the use of our services
(2) When we collect information about a customer in connection with the use of our services
(3) When we receive information directly from the customer or through media such as written documents
(4) In addition to the above, when we receive information from a third party with the consent of the customer
(5) When we legitimately collect information from third parties, such as when we receive information as a result of outsourcing or when we receive information from third parties to whom we have obtained consent from the customer to provide information to us through the customer.
2. Management of Personal Information
The Company will manage acquired personal information in compliance with laws and regulations concerning the protection of personal information, guidelines established by the government, and other standards. The Company will appoint a Personal Information Protection Manager, assign responsibility and authority for the implementation and operation of the Personal Information Protection Management System, appoint a Personal Information Protection Audit Officer, and continuously review and improve the Personal Information Protection Management System. Furthermore, to prevent unauthorized access to personal information, loss, destruction, alteration, leakage, etc., we will take necessary measures such as maintaining security systems, establishing management structures, and thoroughly educating employees.
3. Purpose of Use of Personal Information
Main purposes of use of personal information acquired by the Company:
A. Personal Information Related to Customers and Prospective Customers (including personal information acquired by customers and provided to the Company)
(1) For maintaining and managing relationships
(2) For setting up and providing the Company's services
(3) For planning and hosting promotions, events, seminars, etc.
(4) For sending the latest information about services and the company, as well as newsletters
(5) For collecting service usage fees
(6) For investigating technical issues
(7) For understanding service usage and improving quality
B. Personal Information Related to Job Applicants, Employees, and Retirees
(1) For recruitment selection and related communications
(2) For business communication and personnel/labor management
C. Personal Information Related to Website Visitors
(1) For analyzing website and service usage and improving quality
(2) For advertising and marketing activities
D. Personal Information Related to Employees of Contractors, Business Partners, and Other Cooperating/Affiliated Companies
(1) For maintaining and managing relationships
(2) For related transactions and business execution
(3) For planning and hosting events
(4) For payment of service usage fees and related procedures
E. Personal Information Related to Visitors to Our Company
(1) For contacting our employees who are the destination of the visit and confirming the purpose of the visit, etc.
(2) For crime prevention
F. Personal Information Related to Those Who Inquire About Our Company, Products, Services, etc.
(1) For responding to inquiries
(2) For recording and managing inquiry response content
G. Location Information for Product/Service Use
To provide functions that utilize location information in our products and services (however, unless uploaded through intentional user operation, location information data is only stored within the user's device, such as a smartphone).
4. Use of Cookies and Acquisition of Usage Status/Attribute Information
Cookies (including similar technologies, hereinafter referred to as "Cookies") are classified into two types: those set by the domain of our website and those set by third parties that we use or have partnered with. Cookies set by third parties may be used by advertising distribution service providers to display our online advertisements on the most suitable platforms.
We use Cookies, IP addresses, access counts, browser types, operating systems, and other usage information to improve customer convenience, obtain statistical data, and provide appropriate advertising.
We may combine personal information obtained from third parties through Cookies with personal information we already possess, after obtaining consent from the individual and in compliance with this Privacy Policy.
You can refuse the acceptance of Cookies by changing your browser settings, but this may prevent you from using some of our services. For information on how to disable Cookies set by third parties that we use or have partnered with, please refer to the respective third party's website.
5. Provision of Personal Information
(1) Provision to Third Parties
We may provide personal data to third parties (including those located in foreign countries) with your consent to deliver advertisements, content, and for the purposes of effectiveness measurement and analysis based on your interests and browsing history.
We will appropriately manage the personal information entrusted to us by customers and will not disclose it to third parties without the individual's consent, except in the following cases:
(1) When the customer has given consent.
(2) When disclosure is required by law.
(3) When disclosure is permitted under other laws or our regulations.
(2) Supervision of Contractors
We may outsource a part or all of the handling of personal information we acquire to external parties for the purposes outlined in "3. Purpose of Use of Personal Information." In such cases, we will exercise necessary and appropriate supervision over the contractors to ensure the secure management of the entrusted personal data.
6. Requests for Disclosure, etc., of Personal Information
We have established procedures as described below and will appropriately respond to requests for the disclosure, correction, addition, deletion, cessation of use, erasure, and cessation of provision to third parties (hereinafter referred to as "Requests for Disclosure, etc.") regarding "Retained Personal Data" (personal data over which we have the authority to disclose, correct, add to or delete content from, cease use of, erase, and cease provision to third parties; the same applies hereinafter) and records of third-party provision of personal data (hereinafter referred to as "Third-Party Provision Records"), in compliance with applicable laws. Please understand that in the following cases, the information will not be subject to disclosure in accordance with the law.
[Retained Personal Data]
(1) Cases where there is a risk of harming the life, body, property, or other rights and interests of the individual or a third party.
(2) Cases where there is a risk of significant impediment to the proper implementation of our business operations.
(3) Cases where it would violate laws and regulations.
[Third-Party Provision Records]
(1) Cases where the existence or non-existence of the record would endanger the life, body, or property of the individual or a third party.
(2) Cases where the existence or non-existence of the record is likely to encourage or induce illegal or unjust conduct.
(3) Cases where the existence or non-existence of the record is likely to harm national security, damage relationships of trust with other countries or international organizations, or cause disadvantages in negotiations with other countries or international organizations.
(4) Cases where the existence or non-existence of the record is likely to impede the prevention, suppression, or investigation of crimes, or the maintenance of public safety and order.
7. Security Control Measures for Personal Information
We will take necessary and appropriate measures to prevent unauthorized access to, leakage of, loss of, or damage to personal information, as well as to correct and otherwise safely manage personal information. The security control measures to be taken by the Company include the following:
(1) Formulation of Basic Policy
In order to ensure the proper handling of personal information, we have formulated a basic policy (meaning this Personal Information Protection Policy) regarding compliance with related laws, regulations, guidelines, etc., as well as a point of contact for questions and complaint handling.
(2) Establishment of Rules for Handling Personal Information
Rules for handling personal information have been established for each stage of acquisition, use, storage, provision, deletion and disposal of personal information, including handling methods, responsible persons and persons in charge, and their duties.
(3) Organizational Safety Management Measures
In addition to appointing a person responsible for the handling of personal information, the Company has established a system for clarifying the employees who handle personal information and the scope of personal information handled by such employees, and for reporting to the person responsible in the event that a fact or indication of a violation of the law or handling rules is detected. In addition, the responsible person periodically conducts a self-inspection of the status of personal information handling.
(4) Personnel Safety Control Measures
Employees are regularly trained on matters to keep in mind regarding the handling of personal information. In addition, the Company stipulates confidentiality of personal information in its employment regulations.
(5) Physical Safety Control Measures
In areas where personal information is handled, measures are taken to ensure that personal information cannot be easily accessed by anyone other than employees who are authorized to handle personal information and the individual concerned. In order to prevent theft or loss of equipment, electronic media, and documents that handle personal information, the Company stores such items in lockable cabinets and storerooms, and when transporting such equipment, electronic media, etc., including within the business site, the Company takes measures to prevent easy identification of personal information by setting passwords, enclosing them in envelopes, and placing them in bags for transportation. The Company also takes measures to ensure that personal information is not easily revealed. In addition, measures are taken to ensure that a responsible person confirms when personal information has been deleted or when equipment, electronic media, etc. on which personal information is recorded has been destroyed.
(6) Technical Safety Control Measures
Access control is implemented to limit the scope of persons in charge and the personal information databases, etc. handled, and user control functions are used to identify and authenticate employees who use information systems that handle personal information databases, etc. In addition, security software is installed on information systems and equipment that handle personal information, and is kept up-to-date through the use of automatic updating functions, etc., while operating systems are also kept up-to-date. When files containing personal information are sent by e-mail, etc., passwords are set for the files.
(7) Understanding the External Environment
We implement safety management measures based on our understanding of the systems related to the protection of personal information in Japan, where personal information is stored. In the event that personal data is handled in a foreign country, we will inform you on our website.
8. How to Request Disclosure of Personal Information
If a customer wishes to inquire about, correct, or delete his or her own personal information, which is among the personal information that we collect, regarding retained personal data and records provided to third parties, we will respond to the customer's request after confirming the identity of the customer. Please be advised that a fee (1,000 yen per request) prescribed by the Company will be charged for handling retained personal data and records provided to a third party.
(1) Requirements for Requests for Disclosure, etc.: The personal information subject to the request must be personal information held by the Company and not fall under any of the items in 6.
1. If there is a risk of infringing on the life, body, property or other rights or interests of the person concerned or a third party
2. If there is a significant risk of interfering with the proper conduct of the Company's business
(2) Procedure for Requesting Disclosure, etc. of Retained Personal Data and Where to Submit the Request
Please fill out the application form specified by the Company and send it by postal mail to the address stated in Section 8, together with documents verifying the identity of the applicant as specified in Section 8 (3) (in the case of application by a proxy, a letter of attorney or other document verifying the authority of representation). Please write "Request for Disclosure, etc. Enclosed" in red ink on the envelope. Please note that we cannot respond to requests by telephone. We will respond to your request in writing by mail, by e-mail, or by any other method specified by us. The method of response will depend on the wishes of the customer, but if it is difficult to disclose the information by such a method, we may use a method of response that does not meet the customer's wishes in accordance with laws and regulations.
(3) Documents to Confirm Your Identity or Authority of Representation
Please submit one copy of any of the following official documents (one document if it has a photo, or two or more documents otherwise) as documents to confirm your identity:
Driver's license, driving record certificate, passport, health insurance card, personal number card or basic resident registration card (with address), resident card, special permanent resident certificate or alien registration certificate deemed as special permanent resident certificate, resident certificate
<In case of application by proxy>
If the application is made by a proxy, please submit one copy of the documents specified below as documents to confirm the authority of representation and the identity of the proxy. However, for identification documents, one document must be submitted if it has a photograph, and two or more documents must be submitted otherwise.
A. In the case of a legal representative of a minor or guardian of an adult
Documents to verify the right of legal representation (copy of family register, extract from family register, certificate of registered matters for adult guardianship registration, etc.; documents proving that the proxy is a legal representative)
B. In the case of a proxy by power of attorney
(1) A letter of attorney prescribed by the Company
(2) A certificate of seal registration of the proxy (within 3 months of the date of issue) or a copy of a document issued only to the principal such as a driver's license or personal number card (but not a personal number notification card) of the proxy
(3) Identification of the person who is the representative (driver's license, driving record certificate, passport, health insurance card, personal number card or basic resident registration card (with address), residence card, special permanent resident certificate or alien registration certificate deemed as a special permanent resident certificate, resident card)
(4) In principle, we do not charge a fee for the procedures for requesting disclosure, etc. However, postage and other communication costs incurred in mailing documents from the requesting party to the Company shall be borne by the requesting party.
9. Contact for Inquiries
For requests for disclosure, etc. of personal information, or complaints and consultations regarding the handling of personal information, please contact us by any of the following methods.
Send by mail to the following address:
UPWARD Corporation (CEO: Ryusuke Kaneki)
To: Personal Information Protection Manager, Corporate Planning Department
Marunouchi Eiraku Building 26F, 1-4-1 Marunouchi, Chiyoda-ku, Tokyo 100-0005, Japan
10. Voluntariness
The provision of personal information to us is voluntary. However, please be aware that if you do not provide us with your personal information, you may not be able to receive our services properly or you may suffer other disadvantages.
11. Revision of This Policy
We may revise this policy as necessary. When revising this policy, the Company will announce the effective date and content of the revised policy on the Company's website or individually notify each individual, and will implement revisions in accordance with other laws and regulations.
The above
October 31, 2025
UPWARD Corporation