プライバシーポリシー

Tangerine Inc. (hereinafter referred to as the “Company”) understands the importance of personal information protection, complies with the Act on the Protection of Personal Information (hereinafter referred to as the “Act”), and endeavors to appropriately handle and protect personal information in accordance with the privacy policy provided for below (hereinafter referred to as the “Privacy Policy”). Unless otherwise provided for in the Privacy Policy, the definition of terms used in the Privacy Policy shall be in accordance with the provisions of the Act.

As used in the Privacy Policy, the term “personal information” shall mean personal information defined in Article 2, paragraph 1 of the Act.

The Company will use personal information for the purposes set forth below.

      (1)      To provide services offered by the Company (hereinafter referred to as the “Services”)

      (2)      To respond to inquiries such as those about information on the Services

      (3)      To provide information about the Company’s products and the Services

      (4)      To respond to violations of the Company’s terms, conditions and policies for the Services (hereinafter referred to as the “Terms and Conditions”)

      (5)      To give notice of amendments or other changes to the Terms and Conditions of the Services

      (6)      To analyze information such as that on the usage of the Services by users in order to make use of such information for activities such as improving the Services and developing new services

      (7)      To analyze personal-related information provided by third parties and information such as that on the usage of the Services by users, and collate such information with other information in order to customize advertisements delivered according to the age, occupation, gender, hobby and other tastes of users

      (8)      To manage employees and go through internal procedures (with respect to personal information of officers and employees), and to screen and contact candidates in recruitment activities (with respect to personal information of candidates)

      (9)      To manage shareholders and respond to procedures under the Companies Act and other laws and regulations (with respect to personal information of persons such as shareholders and holders of share options)

      (10)    To produce statistical data processed in a format in which individuals are not identifiable, in connection with the Services

      (11)    For other purposes incidental to any of the use purposes in the preceding items

3.1       In providing the Services, the Company will collect the following information from users of the Services by the following methods:

(1)      Information to be collected

Names, email addresses, advertising IDs, user IDs for the Services, and physical features (such as facial information)

(2)      Collection methods

(i)    Having users enter information on the website managed by the Company

(ii)   Acquiring information from a beacon related to the Services

(iii)  Acquiring information by linking the Services with third-party databases

(iv)  Acquiring information from external devices (including, but not limited to AI cameras) related to the Services

(v)   Receiving personal-related information from third parties

3.2       The Company will retain information set forth in Article 3.1, item (1) during the period the Services is provided and thereafter; provided, however, that the Company will endeavor to erase such information without delay when the Company no longer needs to use the information.

The Company may change any purpose of use of personal information to the extent reasonably deemed relevant, and in cases of such change, the Company will notify the individual who is the subject of personal information (hereinafter referred to as the “Data Subject”) of the change personally or via announcement.

5.1      Except as permitted by the Act or other laws and regulations, the Company will not handle personal information without the consent of the Data Subject beyond the extent necessary to achieve any use purpose; provided, however, that this shall not apply in the cases set forth below.

           (1)      Where it is based on laws and regulations

           (2)      Where it is necessary to protect the life, body or property of a person and difficult to obtain the consent of the Data Subject

           (3)      Where it is particularly necessary to improve public health or promote healthy child development and difficult to obtain the consent of the Data Subject

           (4)      Where it is necessary to cooperate with a national government organization or a local government, or a person entrusted by such entity in performing affairs specified by laws and regulations, and obtaining the consent of the Data Subject may hinder performance of the affairs

           (5)      Where personal data is provided to an organization such as an academic research institute and the organization needs to handle such personal data for academic research purposes (including where part of the purpose of handling such personal data is an academic research purpose, but except where there is a risk of unjustly infringing rights and interests of individuals)

5.2      The Company will not use personal information by any method that is likely to encourage or induce an illegal or unjust act.

6.1      The Company will properly acquire personal information, and never acquire personal information by fraudulent or other wrongful means.

6.2      The Company will not acquire special care-required personal information (meaning that defined in Article 2, paragraph 3 of the Act) without the prior consent of the Data Subject, except in the cases set forth below.

           (1)      Where it falls under one of the cases set forth in items (1) through (4) of Article 5.1

           (2)      Where special care-required personal information is acquired from an organization such as an academic research institute, and it is necessary to acquire such special care-required personal information for academic research purposes (including where part of the purpose of acquiring such special care-required personal information is an academic research purpose, but except where there is a risk of unjustly infringing rights and interests of individuals) (only in the case the business operator handling personal information and the organization such as academic research institute jointly conduct academic research)

           (3)      Where the special care-required personal information is made public by the Data Subject, a national government organization, a local government, an organization such as an academic research institute, a person listed in one of items of Article 57, paragraph 1 of the Act, or any other person designated in the rules of the Personal Information Protection Commission

           (4)      Where special care-required personal information containing visually identifiable features is acquired by visual observation, filming or photographing of the Data Subject

           (5)      Where special care-required personal is provided by a third party, which falls under one of the cases set forth in items of Article 9.1.

6.3      When personal information is provided by a third party, the Company will confirm the matters listed below as set forth in the rules of the Personal Information Protection Commission, except where the provision of such personal information by the third party falls under one of items of Article 5.1 or items of Article 9.1.

           (1)      Name and address of the third party, and if the third party is a corporation, name of the representative (in cases of an organization without legal personality for which the representative or administrator has been designated, that representative or administrator)

           (2)      Circumstances under which the personal information was acquired by the third party

The Company will supervise its employees in a necessary and appropriate manner so that personal information is safely managed and protected against risks such as loss, destruction, falsification and leakage. The Company, when outsourcing the handling of personal information, in whole or in part, will also provide necessary and appropriate supervision so that the personal information is safely managed by the outsourcer. The Company implements the safety management measures for its retained personal data as shown below while monitoring the external environment. For the specific details of the safety management measures, the Company will answer the inquiry without delay when the Data Subject contacts the Company through the contact point set forth in Article 17.

Formulation of the basic policy

The Privacy Policy is formulated as the basic policy for matters such as “compliance with related laws, regulations, guidelines, etc.” and “establishment of a contact point for dealing with questions and complaints” to ensure the proper handling of personal data.

Maintenance of discipline for the handling of personal data

Rules and regulations for the handling of personal data are formulated with respect to matters such as handling methods, the responsible person and personnel in charge thereof and their duties at each stage of acquisition, use, storage, provision, deletion, disposal, etc.

Organizational safety management measures

Persons responsible for the handling of personal information are appointed, and, based on the cooperation with these persons, organizational, human, physical and technical safety management measures for personal information are taken.

Human safety management measures

1) Education and training is provided; safety measures are implemented; the compliance action plan is formulated; and measures are taken to thoroughly familiarize officers and employees with the plan.

2) Liability for information security is set forth in the employment agreement or non-disclosure agreement.

3) Education about handling of personal data is regularly provided to raise awareness of information security and other related matters.

Physical safety management measures

Physical safety management measures set forth in the information security management regulations are implemented, such as the implementation of antitheft measures.

Technical safety management measures

To restrict access to personal information, access controls are set on each file and the chief administrator grants access rights to each individual in accordance with the access control policy.

If an event such as leakage of, loss of or damage to personal information handled by the Company occurs, the Company will report to the Personal Information Protection Commission thereon and notify the Data Subject thereof in accordance with the provisions of the Act.

9.1      The Company will not provide personal information to third parties without the prior consent of the Data Subject, except where such provision falls under one of items of Article 5.1; provided, however, that the cases listed below do not fall under the provision to third parties set forth in the foregoing.

           (1)      Where personal information is provided in connection with the outsourcing of the handling of the personal information, in whole or in part, to the extent necessary to achieve any use purpose

(2)      Where personal information is provided in connection with a business succession due to merger or other circumstances

           (3)      Where personal information is jointly used under the provisions of the Act

9.2      Notwithstanding the provisions of Article 9.1, the Company shall, except where it falls under one of items of Article 5.1, obtain the prior consent of the Data Subject to the effect that the Data Subject approves the provision of personal information to a third party (excluding entities that have a system conforming to the standards designated in the rules of the Personal Information Protection Commission under Article 28 of the Act) in a foreign country (excluding countries designated in the rules of the Personal Information Protection Commission under Article 28 of the Act) in cases of such provision to the third party in a foreign country.

9.3      When the consent of the Data Subject is obtained with respect to provision to a third party in a foreign country under Article 9.2, information shall be provided to the Data Subject with respect to the matters set forth in items below; provided, however, that if it is unable to identify the matter set forth in item (1), the fact that it is unable to identify the matter set forth in item (1) and reasons therefor in lieu of the matters set forth in items (1) and (2), as well as information that is to serve as a reference for the Data Subject in lieu thereof, if any, shall be provided.

           (1)      Name of the foreign country

           (2)      Information on a system for the protection of personal information in the foreign country

           (3)      Information on measures taken by the third party for the protection of personal information (if it is unable to provide such information, that fact and reasons therefor)

9.4      The Company will, when providing personal information to a third party, keep and retain records in accordance with Article 29 of the Act.

9.5      The Company shall, when receiving personal information provided by a third party, confirm specific matters required and keep and retain records of such confirmation in accordance with Article 30 of the Act.

10.1    When the Data Subject requests that the Company disclose personal information under the provisions of the Act, the Company will disclose it to the Data Subject without delay after confirming that the request was made by the Data Subject him or herself (or, if such personal information does not exist, notify the Data Subject thereof); provided, however, that this shall not apply in the case the Company is not obliged to make a disclosure pursuant to the Act or other laws and regulations.

10.2    The provisions of the preceding article shall apply mutatis mutandis with respect to records of provision to third parties made under Article 9.4 and records of provision from third parties made under Article 9.5 for personal information that may identify the Data Subject.

If the Data Subject, under the provisions of the Act, requests that the Company make corrections or additions to or deletion of (hereinafter referred to as “Corrections, etc.”) the content of personal information for the reason that the personal information is not true, the Company will, after confirming that the request was made by the Data Subject him or herself, conduct a necessary investigation without delay to the extent necessary to achieve any use purpose, and based on the result thereof, make Corrections, etc. to the content of the personal information and notify the Data Subject thereof (or, if the Company decides that Corrections, etc. are not made, notify the Data Subject thereof); provided, however, that this shall not apply in the case the Company is not obliged to make Corrections, etc. pursuant to the Act or other laws and regulations.

If the Data Subject, under the provisions of the Act, requests that (i) the Company cease using or erase (hereinafter referred to as “Cease Using, etc.”) the Data Subject’s personal information for the reason that the personal information is handled beyond the purpose of use thereof made public in advance, is used by a method that is likely to encourage or induce an illegal or unjust act, or has been acquired by fraudulent or other wrongful means; (ii) the Company cease providing (hereinafter referred to as “Cease Providing”) the Data Subject’s personal information for the reason that the personal information is provided to a third party without the Data Subject’s consent; or (iii) the Company Cease Using, etc. or Cease Providing the Data Subject’s personal information for the reason that it falls under the case where the Company no longer needs to use the personal information, where an event provided for in the main clause of Article 26, paragraph 1 of the Act occurs with respect to the personal information or otherwise where the Data Subject’s rights or legitimate interests are likely to be harmed by the handling of the personal information, and it is revealed that the reason for the request is valid, the Company will, after confirming that the request was made by the Data Subject him or herself, Cease Using, etc. or Cease Providing the personal information without delay and notify the Data Subject thereof; provided, however, that this shall not apply in the case the Company is not obliged to Cease Using, etc. or Cease Providing such information pursuant to the Act or other laws and regulations.

13.1    When it is expected that a third party will acquire personal-related information (meaning that defined in Article 2, paragraph 7 of the Act, and limited to that constituting personal-related information database, etc. defined in Article 16, paragraph 7 of the Act; hereinafter the same shall apply) as personal data, the Company will not provide such personal-related information to the third party without confirming the matters listed below in advance as set forth in the rules of the Personal Information Protection Commission, except in the cases listed in items of Article 5.1.

           (1)      The fact that the consent of the Data Subject has been obtained to the effect that the Data Subject approves the acquisition by the third party of personal-related information provided by the Company as personal data that may identify the Data Subject.

           (2)      For provision to a third party in a foreign country, in cases where the Company seeks to obtain the Data Subject’s consent referred to in the preceding item, the fact that information on a system for the protection of personal information in the foreign country, information on measures taken by the third party for the protection of personal information and other information that is to serve as a reference for the Data Subject have been provided to the Data Subject in advance pursuant to the provisions of the rules of the Personal Information Protection Commission

13.2      The Company will, when providing personal-related information to a third party, keep and retain records in accordance with Article 31 of the Act.

13.3          The Company shall, when receiving personal-related information provided by a third party, confirm specific matters required and keep and retain records of such confirmation in accordance with Article 31 of the Act.

14.1    The Company shall process personal information in accordance with the standards designated in the rules of the Personal Information Protection Commission, when producing pseudonymously processed information (meaning that defined in Article 2, paragraph 5 of the Act, and limited to that constituting pseudonymously processed information database, etc. defined in Article 16, paragraph 5 of the Act; hereinafter the same shall apply).

14.2    When the Company produces pseudonymously processed information or acquires pseudonymously processed information and deleted information, etc. (meaning that defined in Article 41, paragraph 2 of the Act; hereinafter the same shall apply) pertaining thereto, the Company shall take measures for the safety management of deleted information, etc. as those required to prevent leakage of deleted information, etc. in accordance with the standards designated in the rules of the Personal Information Protection Commission.

14.3    The Company will follow the provisions below with respect to pseudonymously processed information (limited to that being personal information; hereinafter the same shall apply in this Article 14.3).

           (1)      Notwithstanding the provisions of Article 5.1, the Company will not handle pseudonymously processed information beyond the extent necessary to achieve any use purpose, except as based on laws and regulations.

           (2)      For the application of Article 4 with respect to pseudonymously processed information, the phrase “change … to the extent reasonably deemed relevant” in the same Article shall be replaced with “change,” and the phrase “notify … of the change personally or via announcement” shall be replaced with “notify … of the change via announcement,” respectively.

           (3)      Notwithstanding the provisions of Articles 9.1 through 9.3, the Company will not provide third parties with personal data in the form of pseudonymously processed information, except as based on laws and regulations; provided, however, that the cases listed in items of Article 9.1 do not fall under the provision to third parties set forth in the foregoing.

           (4)      In handling pseudonymously processed information, the Company shall not collate such pseudonymously processed information with other information to identify the Data Subject of personal information used to produce the pseudonymously processed information.

           (5)      In handling pseudonymously processed information, the Company shall not use contact or other information contained in such pseudonymously processed information to make a call, send any item by postal mail or correspondence delivery, deliver a telegram, send any information by fax or electromagnetic means, or visit a house.

           (6)      The provisions of Article 8 and Articles 10 through 12 shall not apply with respect to pseudonymously processed information.

14.4    The Company will follow the provisions below with respect to pseudonymously processed information (excluding that being personal information; hereinafter the same shall apply in this Article 14.4).

           (1)      The Company will not provide pseudonymously processed information to third parties except as based on laws and regulations; provided, however, that the cases listed in items of Article 9.1 do not fall under the provision to third parties set forth in the foregoing.

           (2)      The Company will supervise its employees in a necessary and appropriate manner so that pseudonymously processed information is safely managed and protected against risks such as leakage. The Company, when outsourcing the handling of pseudonymously processed information, in whole or in part, will also provide necessary and appropriate supervision so that personal information is safely managed by the outsourcer.

           (3)      In handling pseudonymously processed information, the Company shall not acquire deleted information, etc. or collate such pseudonymously processed information with other information to identify the Data Subject of personal information used to produce the pseudonymously processed information.

           (4)      In handling pseudonymously processed information, the Company shall not use contact or other information contained in such pseudonymously processed information to make a call, send any item by postal mail or correspondence delivery, deliver a telegram, send any information by fax or electromagnetic means, or visit a house.

15.1    The Company shall process personal information in accordance with the standards designated in the rules of the Personal Information Protection Commission, when producing anonymously processed information (meaning that defined in Article 2, paragraph 6 of the Act, and limited to that constituting anonymously processed information database, etc. defined in Article 16, paragraph 6 of the Act; hereinafter the same shall apply).

15.2    The Company will, when producing anonymously processed information, take measures for safety management in accordance with the standards designated in the rules of the Personal Information Protection Commission.

15.3    The Company will, when producing anonymously processed information, make public the items of information about individuals contained in such anonymously processed information as set forth in the rules of the Personal Information Protection Commission.

15.4    When the Company provides a third party with anonymously processed information (including that produced by the Company and that provided to the Company by third parties; hereinafter the same shall apply unless otherwise provided for), the Company will make public the items of information about individuals contained in the anonymously processed information to be provided to the third party and the method of provision thereof in advance as set forth in the rules of the Personal Information Protection Commission, and clearly indicate to the third party that the information so provided is anonymously processed information.

15.5    In handling anonymously processed information, the Company shall not (i) collate the anonymously processed information with other information; or (ii) acquire information on descriptions and other elements or individual identification codes deleted from such personal information, or on the method of processing carried out pursuant to the provisions of Article 43, paragraph 1 of the Act (with (ii) applying only to anonymously processed information provided by third parties) to identify the Data Subject of personal information used to produce anonymously processed information.

15.6          The Company shall take necessary and appropriate measures for the safety management of anonymously processed information, as well as necessary measures to ensure that complaints about production and other handling of anonymously processed information are dealt with and anonymously processed information is otherwise handled properly, and endeavor to make public the details of those measures.

For the Services, Cookies and other similar technologies may be used. These technologies are useful for the Company to grasp information such as that on the usage of the Services, and contribute to service improvement. Users who choose to disable Cookies may change their browser settings; provided, however, that once Cookies are disabled, the users may not use some functions of the Services.

For requests for disclosure or other action, comments, questions, complaints to be raised or other inquiries about the handling of personal information, please contact the Company at the following contact point:

[Name, address and name of the representative of the personal information handling business operator]

22SKY BLDG. 302, 3-19-13 Minami-Azabu, Minato-ku, Tokyo 106-0047

Tangerine Inc. (Kiyoto Hirai, Representative Director)

Contact point for inquiries

E-mail:    info@tangerine.io

The Company shall review operational status related to the handling of personal information from time to time to continuously improve the status, and may amend the Privacy Policy as needed.

[Established on April 1, 2017]

[Revised on April 1, 2022]