Handling of Personal Information
Graffer, Inc., (hereinafter referred to as “Company”) will respect the privacy of its users and handle Personal Information (defined below), including that of its users, in accordance with the following provisions.
Scope of Application
For the purpose of these provisions, “Personal Information” shall mean not only the personal information stated in Paragraph 1 of Article 2 of the Act on the Protection of Personal Information but also any information collected by the Company under these provisions, including but not limited to, information related to identification of a user, action history on communication services (including the information stored in connection with the common service account at the Company for the use of Company’s services (hereinafter referred to as “Graffer Account”), such as application information inputted by a user upon logging into the Graffer Account), or other information generated or accumulated in a user’s terminals, such as a smartphone or PC, in relation to the user or the user’s terminal.
2.Personal Information Collected and Method of Collection
- The Personal Information collected by the Company in the Services shall be the following information depending on each collection method:
(1) Information provided by the user
The information provided by the user for, or through, the use of the Services is as follows:
- Profile information that shall include the personal name, birth date, gender, and office name
- Contact information, such as mail address, phone number, and postal address
- Payment information, such as credit card information (provided, payment management is outsourced to third party payment service providers, and the Company will not directly store such information as credit card number or personal identification number)
- Seal and/or sign registered by a user
- Information recorded in the effective electronic certificate for signature stored in My Number Card
- Information inputted or transmitted by a user through the method prescribed by the Company such as an input form
(2) Information provided by other services to which a user has permitted links
If a user permits links to Google, Line, or other SNS services upon using the Service, the following information will be collected from such external services under the contents agreed by the user upon permission:
- User ID reported to such external service provider
- Other information permitted by the user to be disclosed from such external service provider under the privacy setting thereof
(3) Information collected by the Company in relation to the use of the Service
The Company may collect information concerning access statuses or ways of using the Service by a user, including the following information; provided, however, the Company will not always acquire all items below from all users, and the Company may increase the number of items to be acquired for certain period or conduct random sampling to limit the amount of data acquired:
- Time and date that a user used the Service and browsed URLs in using the Service
- Internet domain name and IP address of a computer terminal that used the Service
- The type of operating system and browser that are used for using the Service
- Referrer information of the use of the Service
- Search keywords used for searching information in the Service
- Locations of clicks and taps upon browsing the Service
- Page scrolling volume upon browsing the Service
- Locations of mouse cursor upon browsing the Service
- Cookies and other identifiers
∗ A user may suspend the Company’s collection of the user’s access status using Google Analytics by disabling Google Analytics in the add-on section of the browser.
∗ Please check the following link for the procedures to disable Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=ja
∗ If a user disables Google Analytics, Google Analytics will be disabled on any website including the Service.
2. The Company will not, in principle, acquire the Personal Information that includes the following matters, except when a user provides it at his/her discretion:
- Matters concerning thought, creed, or religion
- Race, ethnic group, family origin, physical or mental disorder, criminal record, or other matters that may become a cause of social discrimination
- Matters concerning workers’ rights to organize, collective bargaining, or other group actions
- Matters concerning participation in a demonstration, exercise of the right of petition, or other political rights
- Healthcare and sexual life
3.Purpose of Use of Personal Information
The Company will acquire user’s personal and other information within the scope necessary for the smooth operation of the Service. The scope of Personal Information to be collected and the purpose of use shall be as follows. The Company will not use the collected Personal Information for the purposes other than such purpose of use, except when prior consent of the User has been obtained, when a request for disclosure under the laws and regulations has been made, when there are any illegal acts such as threats and unauthorized access, or for any other special reasons.
- Purposes of use of the information provided by a user
- Purposes of use of the information provided by other services to which a user has permitted to be linked
- Purposes of use of the information collected by the Company in relation to the use of the Service
4. Voluntary Provision of Personal Information
A user is not requested to input all information necessary for the Service, however, if the user does not input the information required for the provision of services, the whole or part of the Service may not be available for the user to use.
5. Provision of Personal Information to Third Parties
The Company will not, in principle, provide the Personal Information collected from a user to any third party without the user’s consent. Provided, however, the Company may provide the collected Personal Information to a third party within the scope permitted by the related laws and regulations in the following cases:
- Based on laws and regulations
- When a judicial court, public prosecutors’ office, police, or an institution similar to those requests disclosure of the Personal Information
- When there is a need to protect human life, body, or property, and it is difficult to obtain the user’s consent
- When there is a special need to enhance public health or promote fostering healthy children, and it is difficult to obtain the user’s consent
- When there is a need to cooperate in a central government institution or local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and there is a possibility that obtaining the user’s consent would interfere with the performance of the said affairs
- When the Personal Information is provided upon business succession due to a merger or other reasons, and is handled within the scope of the pre-succession purpose of use
- When the user expressly requests disclosure or provision of the user’s Personal Information to a third party
- When the Company determines that the user would cause disadvantage to a third party
6. Outsourcing of Processing of Personal Information
The Company may outsource the whole or part of handling affairs of Personal Information within the scope of providing the Service. The Company shall be responsible for handling of Personal Information at such outsourcing contractor when there is intentional act or negligence on the part of the Company.
7. Accuracy of Personal Information
The Company shall endeavor to accurately process the Personal Information data provided by a user. Provided, however, the user shall be responsible for accuracy and recency of the Personal Information data.
8. Identity Verification
Upon registration to Graffer Account or use of the Service by a user or when the Company responds to a request for disclosure, correction, deletion, or suspension of use of the Personal Information by the user, the Company will verify personal identification of the said user by information that can identify the user (name, address, phone number, birth date, mail address, member number, password, and/or identity verification document). Provided, however, the Company shall not be liable for the cases when any person other than the user has obtained the information that can identify the user and used such information.
9. Use of Statistically Processed Data
The Company may prepare, based on the Personal Information provided by a user, the statistical data that is processed so that no individual person is identifiable. The Company may freely use such statistical data without any restriction.
10. Modification of Personal Information
In principle, notification of the Purposes of Use of Personal Information, and disclosure, correction, addition or deletion, or suspension of use or provision to a third party of the Personal Information (hereinafter referred to as “Modification of Personal Information”) may be requested only by the user to the Company. Please contact the contact points below for details. Provided, however, the Company may not respond to the Modification of Personal Information in the cases below, and the Company may also charge a fee (500 yen per request (excluding tax)) for the Modification of Personal Information:
- Cases in which there is a possibility of harming the user’s or any third party’s life, body, property or other rights and interests
- Cases in which there is a possibility of interfering seriously with the proper provision of the Service
- Cases of violating other laws or regulations
- Cases when such Modification of Personal Information requires a large amount of expenses
- Cases of information applied for administrative procedures
- Other cases when it is difficult to fulfil the Modification of Personal Information and any necessary alternative measures are taken to protect the user’s rights and interests
The Company may, when it deems necessary, amend, or add any provisions to this Policy at its own discretion at any time without prior notice to the users, except as otherwise provided for in laws and regulations. Upon continuous use of the Service after the amendment of this Policy, a user is deemed to have consented to the amendment or additional provisions of this Policy.
<Contact Point for Personal Information>
Graffer, Inc., Corporate Division, Personal Information Help Desk,
Personal Information Protection Manager, Corporate Division, Manager,
2nd Floor, IN Building, 1-2-3 Sendagaya, Shibuya-ku, Tokyo 151-0051 Japan
Established on March 1, 2018
Amended on October 8, 2020