Privacy Policy

Privacy Policy

Regarding the handling of personal information and privacy that we may obtain, we have established the Personal Information Protection Policy (hereinafter referred to as the ” Privacy Policy”), and we will strive to maintain and improve the security of the management of personal information and comply with the Personal Information Protection Law of Japan, GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act) and other relevant domestic and foreign laws, regulations, guidelines and this Privacy Policy.

Definition

“Personal information” in this Privacy Policy refers to information regarding a living individual that can be used to identify the specific individual and falls under one of the following categories: name or description such as date of birth, basic pension number or insurance card number or other number or symbol, online identifier (IP address, cookie identifier), commercial information or biological authentication information such as fingerprints or voice prints.

Consent

Customers of our products or services are deemed to have agreed to the handling of their Personal information in accordance with this Privacy Policy by reading this Privacy Policy in advance and using such products or services without any expressed objection. If you do not agree with this Privacy policy, you may choose not to provide us with your personal information. In such case, you may not be able to use all or a part of the relevant products or services.

Amendment

In order to maintain and improve our personal information management, we reserve the right to change this Privacy Policy without notice. In the event of any changes to this Privacy Policy, we will announce the details of the changes and when they will take effect. By continuing to use the Service without expressed objection, Customers of the products or services will be deemed to have consented to the handling of their personal information after the changes based on such amendments.

Acquisition

When acquiring personal information, to the minimum necessary for the purpose of use, we shall obtain it properly with the consent of an individual or from a third party who has the legitimate title hereof.

Specific Information

We will not acquire the following specific personal information unless we have obtained the prior consent of the individual to that effect.

  1. Race
  2. Creed
  3. Social Status
  4. Medical history
  5. Criminal history
  6. Fact that the person has suffered harm because of the criminal act.
  7. Fact that criminal procedure has been brought against the person.
  8. Sex life or sexual orientation
  9. Criminal history
  10. Trade union membership

Purpose of Use

When handling personal information, we shall specify the purpose for which the personal information is to be used, shall notify or publicly announce such purpose in advance at the time of acquisition of the personal information, shall handle the personal information only within the scope of such purpose, and shall not use the personal information for any purpose other than such purpose.

Automatic Acquisition

In the course of providing Internet-based services, we may automatically collect the following personal information in order to initiate and maintain the communication connections required for such systems.

  1. The global IP address and port number of the Customer’s communications terminal
  2. OS, browser, hardware device, and language settings of the user’s communications terminal
  3. Screen information of the monitor used by the Customer ‘s communications terminal (screen resolution, monitor size, etc.)
  4. Other information automatically obtained for the operation of the communications protocol and JavaScript.

Use of Cookie

While providing Internet-based services, for the purpose of improving the quality of our services, we may use cookies to automatically obtain personal information, such as Customers’ browsing history and logs. However, provided that, recognizing the rights of automated individual decision-making, Except with the explicit consent of the individual or as otherwise provided for in Article 22(2) of the GDPR, we shall not make decisions based solely on automated processing, including profiling, which produces legal effects concerning an individual or similarly significantly affects.

Cookies refer to information stored in a customer’s web browser and the protocols used to communicate with the Service to help identify accessing users and store custom settings and provide services customized to their preferences.

Users at any time may set their web browsers to refuse all cookies or to indicate upon transmission of a cookie to that effect. However, if you do not accept cookies, you may not be able to use certain features of the service.

Security Measures

In addition to appointing a Data Protection Officer, we shall implement technological, organizational, and operational security control measures to ensure the integrity and security of the Personal information and make our best effort to ensure that the Personal information in our possession is accurate and up-to-date to the extent necessary for the purposes for which it is used.

Provision

We shall not provide personal information to third parties unless we have obtained the prior consent of the Customer. However, we may provide personal information to a third party except in the following cases (with respect to (2) and (3), only when possible consent from the customer is difficult to obtain).

  1. In accordance with the Personal Information Protection Law or other laws and regulations.
  2. When required to protect the life, body, or property of an individual.
  3. When especially necessary to improve public health or to promote the sound growth of children.

Notwithstanding the above, personal data may be provided to third parties within the scope of the purposes for which the personal data is used, in addition to the following cases and only with the consent of the Customer concerned.

  1. When the service is operated on an external server or cloud service.
  2. When obtaining necessary information for services from a third party through inspection, inquiry, or other means.
  3. When outsourcing the management of personal information to an external party under our supervision.
  4. When we receive a request from a regulatory or judicial agency based on laws and regulations.

Provision to Abroad

We may provide personal information in our possession to third parties in foreign countries within the scope of the “Purposes of Use of Personal Information” and “Provision of Personal Information to Third Parties” above, if any of the following conditions are satisfied. However, provided that, when personal information located within the EU is transferred to a third country outside the EU, an appropriate level of protection shall be ensured through the conclusion of standard contractual clauses or other measures in accordance with the decisions of the European Commission.

  1. Where the third party is in a country that is specified by the Enforcement Rules for the Act on the Protection of Personal Information as a country with a personal information protection system at the same level as that of Japan
  2. Where the Third Party has established a system that conforms to the standards established by the Enforcement Rules for the Act on the Protection of Personal Information as a system equivalent to those to be taken by business entities handling personal information.

Disposal

When the “purpose of use of personal information” has been accomplished, we will dispose of such personal information in an unrecoverable manner, except in cases where record retention is required by law (e.g., Article 29.2 of the Personal Information Protection Law).

Disclosure / Revision Request

If any of the following requests are made by the person whose personal information is held, we will disclose or correct the relevant personal information in portable data format compatible with Article 20 of the GDPR based on the request. In such cases, the actual cost may be charged as a handling fee.

  1. request for disclosure of the individual’s personal information
  2. request for correction of the individual’s personal information

However, provided that, disclosure may not be possible in the following cases.

  1. If there is a risk of harm to the life, body, property, or other rights or interests of the person concerned or a third party.
  2. If it may cause significant hindrance to the proper conduct of our business
  3. If disclosure of personal information would violate the Personal Information Protection Law or other laws and regulations.

Request for Suspension of Use / Restriction on Use / Disposal

If we receive any of the following requests from the individual, we will promptly conduct the necessary investigation, and if there is a reason for the request, we will stop using, restrict, or dispose of the personal information in accordance with the request.

  1. request for suspension of use of the individual’s personal information
  2. request to restrict the use of the individual’s personal information
  3. request for destruction of the individual’s personal information
  4. request for filing a complaint with a supervisory authority

Contact

Please contact the following for any inquiries regarding personal information.

expms@exri.co.jp