(HEREINAFTER REFERRED TO AS "UPWARD") WILL PROMOTE THE PROTECTION OF PERSONAL INFORMATION BY ESTABLISHING THE FOLLOWING PERSONAL INFORMATION PROTECTION POLICY, BUILDING A PERSONAL INFORMATION PROTECTION SYSTEM (PERSONAL INFORMATION PROTECTION MANAGEMENT SYSTEM), AND ENSURING THAT ALL EMPLOYEES RECOGNIZE THE IMPORTANCE OF PERSONAL INFORMATION PROTECTION AND TAKE APPROPRIATE MEASURES.
1. acquisition, use, and provision of personal information
In light of the fact that we are engaged in the business of providing cloud services and applications, in which the handling of personal information is essential, we recognize that personal information is an important asset of individuals and will acquire, use, and provide personal information in an appropriate manner. When acquiring personal information, we will specify the purpose of use to the greatest extent possible and endeavor to use legal and fair means.
We will acquire personal information in the following cases
(1) When a customer enters personal information himself/herself in connection with the use of our services
(2) When we collect information about a customer in connection with the use of our services
(3) When we receive information directly from the customer or through media such as written documents
(4) When we receive information from a third party with the consent of the customer in addition to the above, (5) When we obtain the information legally, such as when we receive the information from a third party with your consent or when we receive the information as a result of outsourcing.
2. management of personal information
The Company shall manage personal information obtained in accordance with laws and regulations concerning the handling of personal information, such as the Act on the Protection of Personal Information of Customers, guidelines set forth by the government, and other norms. We will appoint a personal information protection manager and give him/her responsibility and authority for the implementation and operation of the personal information protection management system, and we will appoint a personal information protection auditor and strive to continuously review and improve the personal information protection management system. In addition, in order to prevent unauthorized access, loss, damage, falsification, leakage, etc. of personal information, we will take necessary measures such as maintaining a security system, improving the management system, and thoroughly educating employees.
3. purpose of use of personal information
Main purposes of use of personal information we obtain
A. Personal information about customers and prospective customers (including personal information obtained by customers and provided to us)
(1) To maintain and manage relationships
(2) To set up and provide our services
(3) To plan and host promotions, events, seminars, etc.
(4) To send service and company updates and newsletters
(5) To collect fees for service use
(6) To investigate technical problems
(7) To understand the usage of the service and to improve the quality
B. Personal information about candidates for employment, employees, and retirees
(1) For employment selection and administrative communication
(2) For business communication and personnel and labor management
C. Personal information about website visitors
(1) For analysis of website and service usage and quality improvement
(2) For advertising and marketing activities
D. Personal information about employees of contractors, business partners, and other cooperating and related companies
(1) For relationship maintenance and management
(2) For conducting related transactions and business
(3) For event (3) For planning and organizing events
(4) For payment of service use and related procedures
E. Personal information about visitors to our company
(1) For contacting our employees at the destination of the visit and confirming the purpose of the visit
(2) For crime prevention
F. Personal information about visitors who inquire about our company and our products and services
(1) To respond to inquiries
(2) To record and manage the content of inquiries
G. Location information for use of products and services
To provide functions utilizing location information in our products and services (however, location information data is only stored in the terminal used, such as smartphones, unless uploaded by the user's intentional operation) (However, unless uploaded by the user's intentional operation, location information data is only stored in the terminal used, such as a smartphone)
Use of Cookies, etc. and Acquisition of Usage and Attribute Information
There are two types of cookies (including similar technologies, hereinafter referred to as "cookies"): those set by the domain of the Company's website and those set by third parties with which the Company uses or cooperates. Cookies set by third parties may be set by the ad-serving companies we use to enable them to place our online advertisements in the most appropriate locations.
We may use cookies and collect information such as your IP address, number of accesses, browser, operating system, and other information for the purpose of improving customer convenience, obtaining statistical data, and providing appropriate advertisements.
We may use cookies and other personally identifiable information obtained from third parties that we use or cooperate with in conjunction with personal information that we already have. In such cases, we will obtain prior consent from the person concerned and use the information in accordance with this Privacy Policy.
You may refuse to accept cookies through your browser settings, but if you do so, you may not be able to use some of our services. In addition, if you wish to opt-out of services using cookies provided by third parties with whom we use or cooperate, please visit the relevant third party's website.
5. provision of personal information
(1) Provision to third parties
We may provide personal data to third parties (including those located in foreign countries) with your consent in order to deliver, measure the effectiveness of, and analyze advertisements, content, etc. based on your interests and behavioral history. We may provide personal data to third parties (including those located in foreign countries) with the consent of the customer.
We will appropriately manage the personal information we receive from our customers and will not disclose personal information to third parties without the consent of the customer, except in the following cases
(1) When we have the consent of the customer
(2) When disclosure is required by law
(3) When disclosure is otherwise permitted by law or in accordance with our regulations
(2) Supervision of contractors
We may outsource part or all of the handling of personal information that we obtain to outside parties for the purposes of use specified in "3. Purposes of Use of Personal Information Obtained by the Company". In such cases, we will exercise necessary and appropriate supervision over the entrusted party to ensure that the entrusted personal data is managed safely.
6. request for disclosure of personal information
Among the personal information that we obtain, we may request disclosure, correction, addition or deletion of "retained personal data" (personal data for which we have the authority to disclose, correct, add or delete content, suspend use, erase, and suspend provision to third parties; hereinafter the same) and confirmation records regarding provision of personal data to third parties (hereinafter "Third Party Provision Records"). The same shall apply hereinafter) and records of confirmation regarding the provision of personal data to third parties (hereinafter referred to as "records of provision to third parties"), the Company shall establish the following procedures for requests for disclosure, correction, deletion, or cessation of use and provision (hereinafter referred to as "requests for disclosure, etc."), and respond appropriately in accordance with laws and regulations. However, please understand that the following cases do not constitute retained personal data or records provided to third parties that are subject to disclosure, etc. in accordance with laws and regulations.
(1) If there is a risk of harm to the life, body, property, or other rights or interests of the person or a third party
(2) If there is a risk of significant hindrance to the proper conduct of our business
(3) If it would violate laws or regulations
[Records provided to third parties]
(1) If the existence of the relevant record is revealed to the person (2) The existence or nonexistence of the relevant record is likely to encourage or induce illegal or unjust acts
(3) The existence or nonexistence of the relevant record is likely to cause harm to national security, damage the relationship of trust with other countries or international organizations, or harm the relationship of trust with other countries or international organizations (4) The existence or nonexistence of the relevant record is likely to cause harm to the rights or property of the person or a third party
(3) When the existence or nonexistence of the relevant record is likely to cause harm to national security, damage to relations of trust with other countries or international organizations, or disadvantage in negotiations with other countries or international organizations
(4) When the prevention, suppression or investigation of crime, or the maintenance of other public safety and order is likely to be disturbed by the disclosure of the existence or nonexistence of the relevant record.
7. security control measures for personal information
We will take necessary and appropriate measures to prevent unauthorized access to, leakage of, loss of, or damage to personal information, as well as to correct and otherwise safely manage personal information. The security control measures to be taken by the Company include the following
(1) Formulation of basic policy
In order to ensure the proper handling of personal information, we have formulated a basic policy (meaning this Personal Information Protection Policy) regarding compliance with related laws, regulations, guidelines, etc., as well as a point of contact for questions and complaint handling. (1) The Company has established the following basic policy (which means this Personal Information Protection Policy).
(2) Establishment of Rules for Handling Personal Information
Rules for handling personal information have been established for each stage of acquisition, use, storage, provision, deletion and disposal of personal information, including handling methods, responsible persons and persons in charge, and their duties.
(3) Organizational Safety Management Measures
In addition to appointing a person responsible for the handling of personal information, the company has established a system for clarifying the employees who handle personal information and the scope of personal information handled by such employees, and for reporting to the person responsible in the event that a fact or indication of a violation of the law or handling rules is detected. In addition, the responsible person periodically conducts a self-inspection of the status of personal information handling.
(4) Personnel safety control measures
Employees are regularly trained on matters to keep in mind regarding the handling of personal information. In addition, the Company stipulates confidentiality of personal information in its employment regulations.
(5) Physical Safety Control Measures
In areas where personal information is handled, measures are taken to ensure that personal information cannot be easily accessed by anyone other than employees who are authorized to handle personal information and the individual concerned. In addition, in order to prevent theft or loss of equipment, electronic media, and documents that handle personal information, the Company stores such information in lockable cabinets and storerooms, and when transporting such equipment, electronic media, etc., including within the business site, the Company takes measures to prevent easy identification of personal information by setting passwords, enclosing them in envelopes, and placing them in bags for transportation. In addition, the company takes measures to ensure that personal information is not easily revealed. In addition, measures are taken to have a responsible person confirm when personal information has been deleted or when equipment, electronic media, etc. on which personal information is recorded has been destroyed.
(6) Technical Safety Control Measures
Access control is implemented to limit the scope of persons in charge and the personal information databases, etc. handled, and user control functions are used to identify and authenticate employees who use information systems that handle personal information databases, etc. In addition, security software is installed on information systems and equipment that handle personal information, and is kept up-to-date through the use of automatic updating functions, etc., while operating systems are also kept up-to-date. When files containing personal information are sent via e-mail, etc., passwords are set for the files.
(7) Understanding the external environment
We implement safety management measures based on our understanding of the systems related to the protection of personal information in Japan, where personal information is stored. In the event that personal data is handled in a foreign country, we will inform you of this on our website.
8. how to request disclosure of personal information
If a customer wishes to inquire about, correct, or delete his or her own personal information, which is among the personal information that we collect, with regard to retained personal data and records provided to third parties, we will respond to the customer's request after confirming the identity of the customer. Please be advised that a fee (1,000 yen per request) prescribed by the Company will be charged for handling retained personal data and records provided to a third party.
(1) Requirements for Requests for Disclosure, etc.: The personal information subject to the request must be personal information held by the Company and not fall under any of the items in 6.
1. If there is a risk of infringing on the life, body, property or other rights or interests of the person concerned or a third party
2. If there is a significant risk of interfering with the proper conduct of the Company's business
(2) Procedure for requesting disclosure, etc. of retained personal data and where to submit the request
Please fill out the application form specified by the Company and send it by mail to the address stated in Section 8, together with documents verifying the identity of the applicant as specified in Section 7 (3) (in the case of an application by a proxy, a letter of attorney or other documents verifying the authority of representation). (3) above. Please write "Request for Disclosure, etc. enclosed" in red ink on the envelope. Please note that we cannot respond to requests by telephone. Please understand that we will not be able to respond to your request by telephone. We will respond to your request in writing by mail, by e-mail, or by any other method specified by us. The method of response will depend on the wishes of the customer, but if it is difficult to disclose the information by such methods, we may use a method of response that does not meet the customer's wishes, in accordance with laws and regulations.
(3) Documents to confirm your identity or authority of representation
Please submit one copy of each of the following official documents (if one of the documents has a photo, or two or more documents otherwise) as documents to confirm your identity.
Driver's license, driving record certificate, passport, health insurance card, personal number card or basic resident registration card (with address), resident card, special permanent resident certificate or alien registration certificate deemed as special permanent resident certificate, resident certificate
<In case of application by proxy>
In case of application by proxy If the application is made by a proxy, please submit one copy of the documents specified below as documents to confirm the authority of representation and the identity of the proxy. However, for identification documents, one of the documents must be submitted if it has a photograph, and two or more documents must be submitted otherwise.
A. In the case of a legal representative of a minor or guardian of an adult
Documents to verify the right of legal representation (copy of family register, extract from family register, certificate of registered matters for adult guardianship registration, etc.) documents proving that the proxy is a legal representative)
B. In the case of a proxy by power of attorney
(1) A letter of attorney prescribed by the Company
(2) A certificate of seal registration of the proxy (within 3 months of the date of issue) or a copy of a document issued only to the principal such as a driver's license or personal number card (but not a personal number notification card) of the proxy
(3) (4) Identification of the person who is the representative (driver's license, driving record certificate, passport, health insurance card, personal number card or basic resident registration card (with address), residence card, special permanent resident certificate or alien registration certificate deemed as a special permanent resident certificate, resident card)
(4) In principle, we do not charge a fee for the procedures for requesting disclosure, etc. However, postage and other communication costs incurred in mailing documents from the requesting party to the Company shall be borne by the requesting party.
9. contact for inquiries
For requests for disclosure, etc. of personal information, or for complaints and consultations regarding the handling of personal information, please contact us by the following methods.
Send by mail to the following address:
UPWARD Corporation (CEO: Ryusuke Kaneki)
To: Personal Information Protection Manager, Corporate Planning Division
Marunouchi Eiraku Building 26F, 1-4-1 Marunouchi, Chiyoda-ku, Tokyo 100-0005, Japan
10. voluntariness
The provision of personal information to us is voluntary. However, please be aware that if you do not provide us with your personal information, you may not be able to receive our services properly or you may suffer other disadvantages.
11. revision of this policy
We may revise this policy as necessary. When revising this policy, the Company will announce the effective date and content of the revised policy on the Company's website or individually notify each individual, and will implement revisions in accordance with other laws and regulations.
The above
May 1, 2024
UPWARD Corporation
