Latest Revision Date: 2020.10.16
As follows, OGIS-RI Co., Ltd. (herein referred to as the "Company", "we", "our", or "us") will appropriately handle and protect the personal data of individuals (herein referred to as "User" or"Users") in the EEA and United Kingdom (herein referred to as "Member Countries，etc.") in accordance with applicable EU and UK data protection laws and regulations on data protection, in particular the EU General Data Protection Regulation (REGULATION (EU) 2016/679)* and related laws and regulations (herein referred to as "GDPR, etc.").
*REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
１．Data collected by the Company
（１）Data provided by Users. This includes the following data.
- User information: The Company collects data when Users create or update an account to use our services, or make inquiries regarding our services. This data includes names used in account contact information, e-mail addresses, work addresses, login names, passwords, payment information or bank account information (including related payment verification information).
- Attribute data: The Company may collect attribute data about Users through surveys of the Users of our services, etc.
- Information entered and sent by Users: The Company collects information entered and sent by Users through our services. This data includes information such as the names of third parties, e-mail addresses, workplaces, positions, and other messages that have been uploaded by Users of our services to servers managed by the Company. The Company may use the aforementioned data for purposes of inquiry responses, safety, security, our service improvements, and analytical.
（２）Data created during use of our services. This includes the following data.
- Device data: The Company may collect data about devices used to access our services. This includes hardware models, device IP addresses, operating systems and versions, software, preferred languages, unique device identifiers, advertisement identifiers, serial numbers, device motion data, mobile network data, etc.
- The Company may use the aforementioned data for purpose of inquiry responses, safety, security, product and service improvements, and analytical.
（３）Data from other sources. This includes the following data.
- Data entered and sent to our service by Users for or on behalf of other Users through our services.
- Data provided by our customers: Information provided by our customers when required to carry out consignment work or provide Company services (herein collectively referred to as "Our Services, etc.")
- Information provided by third parties other than Users regarding billings or disputes.
- nformation provided by our business partners through which Users create or access user accounts on our services (payment providers, applications or websites using the Company's API, or whose APIs the Company uses, etc.).
- Information obtained from publicly available sources. The Company may combine the data collected from these sources with other data that we retain.
The Company does not obtain or use sensitive personal data about the Users,such as religious beliefs, health conditions, etc.
２．How we use personal data
The Company uses collected data for the following purposes.
（１）To provide services and functions. The Company uses the aforementioned collected data in order to perform, provide, maintain, and improve Our Services, etc.
This may include using such data for the following purposes.
- Performing or providing Our Services, etc.
- Creating or updating accounts on our services.
- Performing internal operations necessary to perform or provide Our Services, etc., or maintain safety and security of User and our service.
These internal operations include troubleshooting software bugs and operational problems, conducing data analysis, testing, and research.
（２）Responding to inquiries about Our Services, etc. When Users contact us regarding Our Services, etc., the Company uses collected information in order to provide Users with support (including call logs that have been recorded with Users' notification and consent). Purposes include the following.
- Directing questions to the appropriate customer support person
- Investigate and addressing User concerns
- Monitoring and improving the Company's responses to inquiries
（３）Contact for marketing purposes. The Company may use collected data to market Our Services, etc. to Users. This includes sending Users notifications about our services, functions, promotions, drawings, research, surveys, news, updates, and events.
（４）Contact for non-marketing purposes. The Company may use the data we collect to generate and provide users with receipts; inform them of changes to our terms, services, or policies; or send other communications that aren't for the purpose of marketing the services or products of The Company or its partners. The Company may use collected data to generate and provide Users with receipts; inform User of changes to our terms, services, or policies; or send other notifications that aren't for the purpose of marketing the services or products of the Company or our partners.
（５）Legal proceedings and requirements. The Company may use collected information to investigate or address claims or disputes relating to use of our services or as otherwise allowed by applicable law, or as requested by regulators, government entities, and official inquiries.
３．Data Sharing and disclosure
The Company may share collected data under the following conditions.
（１）Sharing with account administrators:
When Users use our services with an account under our customer administration, the Company may share information about usage of our services with the account administrators.
（２）Sharing with our service providers and business partners:
The Company provides data to vendors, consultants, research companies, and other service providers and business partners. These include the following companies.
- Payment processors and intermediaries
- Cloud storage providers
- Data analytics providers
- Research partners, including those performing surveys or research projects in partnership with the Company or on the Company's behalf
- Vendors that assist the Company to enhance the safety and security of our services
- Consultants, lawyers, accountants, and specialized professions providing other services
- Partner companies providing insurance and financial services
（３）Sharing for legal reasons or in the event of a dispute
The Company may share Users' personal data if we believe it's required by applicable law, regulation, operating license or agreement, legal process or governmental request, or where the disclosure is otherwise appropriate due to safety or similar concerns. This includes sharing personal data with law enforcement officials, public health officials, other government authorities, or other third parties as necessary to enforce our Terms of Service, user agreements, or other policies; to protect the Company's rights or property or the rights, safety, or property of others; or in the event of a claim or dispute relating to the use of our services.
In addition, this includes sharing personal data with others in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.
（４）Sharing with consent
The Company may share personal data of Users in cases not noted in this policy if we notify Users and Users consent to the sharing.
４．Data retention and deletion
The Company retains the personal data of Users for the period required to fulfill the purposes noted in "2. How we use personal data." The specific retention period is determined based on the purpose of acquisition and processing, the nature of the personal data, and its necessity for legal or business grounds.
All data will be promptly deleted following the retention period.
Regardless of that noted above, the Company retains data required for regulations, taxes, insurance, litigation, and other legal requirements. In addition, during this retention period, we may use such data for purpose of safety, security, fraud prevention and detection, and research and development.
The Company may be unable to delete User information in specific circumstances. For example, this would include cases relating to unpaid transactions for our services, or unresolved demands or claims. As soon as the issue preventing deletion is resolved, we will delete the User information as stated previously.
In addition, as required, we may retain specific information for purpose of safety,security, or fraud prevention. For example, if the Company deactivates a User account because of unsafe behavior or security incidents, the company may retain certain information about the account to prevent the corresponding User from opening a new User account thereafter.
５．Transfer of personal data to third parties outside of the EEA
The Company may transfer the personal data of Users within Japan for the purposes noted in "2. How we use personal data." When transferring, we will handle information in accordance with "Supplementary Rules under the Act on the Protection of Personal Information for the Handling of Personal Data Transferred from the EU and the United Kingdom based on an Adequacy Decision."
６．Legal Bases for processing
The Company will collect and use personal data only if there is a legal bases. This includes processing personal data of Users for the Company's legitimate interests, those of third parties, to fulfill our legal obligations, or in order to perform or provide Our Services, etc., or based on consent.
The Company will collect and use personal data only if there is one or more legal bases to do so. Such base may vary depending on where Users are located, but generally include processing personal data for the following purposes.
（１）To perform or provide Our Services, etc.
The Company shall collect or use specific personal data in order to perform or provide Our Services, etc. This includes the following data.
- User data that is used to open and maintain accounts for our services
- Information about usage of User accounts for our services
- Information about inquiries
（２）In addition to performing and providing Our Services, etc., for the legitimate interests of the Company or other related parties.
This includes using personal data to maintain and enhance safety and security for Users. For example, we use personal data to prevent use of our services by Users involved in inappropriate or unsafe behavior, such as by retaining banned Users data for the purpose of preventing use of our services by banned Users.
In addition, this includes purposes such as fraud protection measures for Our Services, etc., service maintenance, improvement, research, development, and enforcement of the terms of service for Our Services, etc.
Moreover, it includes using personal data to the extent necessary for the interests of other people or the general public, such as in connection with legal or insurance claims, and to protect the rights and safety of others.
（３）To fulfill our legal obligations
For example, the Company is subject to laws and regulations, and we may be obligated to collect and retain User data relating to use of our services and provide copies of such data to governments, law enforcement officials, and other related officials. We will collect and use personal data to comply with applicable laws.
（４）Sharing with consent
The Company collects and uses personal data with User consent. For example, we may collect personal data through optional surveys. Responses to such surveys will be collected with consent, and will be deleted once the purpose for their collection has been fulfilled.
Users have the following rights in regard to the personal data collected and processed by the Company.
- Right to be informed about processing personal data: If the specific requirements stipulated in the GDPR, etc. are met, Users have the right to be informed about processing personal data from the Company to the extent necessary.
- Right to access: The User has the right to confirm whether the Company is processing the User personal data, and access such data in the case it is doing so.
- Right to rectification: The User has the right to request that the Company make rectifications of any inaccurate the User personal data the Company retains without undue delay.
- Right to erasure: If the specific requirements stipulated in the GDPR, etc. are met, the User have the right to have the User personal data the company retains erased by the Company without undue delay.
- Right to restriction of processing: If the specific requirements stipulated in the GDPR, etc. are met, Users have the right to restrict the Company's processing of the User personal data.
- Right to data portability: If the specific requirements stipulated in the GDPR, etc. are met, the User has the right to receive the User personal data provided to the Company in a structured, commonly used machine-readable format, and to transmit the User personal data to other organizations without hindrance from the Company.
- Right to object: If the specific requirements stipulated in the GDPR, etc. are met, the User has the right to object to processing of the User personal data.
- Right not to be subject to automated decision-making: If the specific requirements stipulated in the GDPR, etc. are met, the User has the right to not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the User or similarly significantly affects the User.
Please see "14. Inquiry Point of Contact and Request Form" regarding exercising of rights. Upon verifying your identity, we will respond in a reasonable time and scope.
８．Withdrawal of consent
After giving consent, the User may then withdraw consent at any time. Please see "14. Inquiry Point of Contact and Request Form" regarding withdrawal of consent.
The legality of processing based on consent prior to withdrawal will not be affected by withdrawal of consent.
９．Appeals to regulatory authorities, etc.
For questions or requests relating to processing of your personal data, please contact the address noted in "14. Inquiry Point of Contact and Request Form."
Users have the right to raise objections about the processing of their personal data with data protection authorities that have jurisdiction in their place of residence. Data protection authorities for each country can be viewed via the below URL.
１０．Influence on provision of personal data
In provided our services to Users, it is necessary to receive the personal data of Users to fulfill legal or contractual requirements, or to execute contracts. While providing personal User data is not obligatory unless stipulated by law, failure to provide such data may make it impossible to provide services (in part or whole).
In addition, when making an inquiry to the Company, it will be necessary to provide your personal data. If your provision is not possible, we may be unable to adequately respond or contact you.
１１．Automated decision making
The Company will not make decisions based solely on automated processing, including profiling on collected personal data, which produces legal effects concerning the User or similarly significantly affects the User.
１２．Relationship between this policy and privacy policies for specific our services, etc.
１３．Changes to this policy
The Company may occasionally change this policy. For substantial or major changes, we will notify Users of the changes through the Website.
１４．Inquiry point of contact and request form
■Request Form : please download form here