Privacy Policy

User Information Privacy Policy

Globify Inc. (hereinafter referred to as "the Company", “we”) recognizes the importance of protecting personal information and will comply with the laws regarding the protection of personal information (hereinafter referred to as "the Personal Information Protection Law"). In accordance with the following Privacy Policy (hereinafter referred to as "this Privacy Policy"), we will endeavor to handle and protect personal information appropriately. Unless otherwise specified in this Privacy Policy, the definitions of terms in this Privacy Policy shall follow the provisions of the Personal Information Protection Law.

1. Definition of Personal Information

In this Privacy Policy, "personal information" shall mean personal information as defined by Article 2, Paragraph 1 of the Personal Information Protection Law.

2. Purposes for Using Personal Information

The Company will use personal information for the following purposes:

1. For the provision of services offered by the Company (hereinafter referred to as "the Service").
2. For authentication of the individual when logging in, and for the management of user information necessary for the operation of the Service.
3. To provide information related to the Service, and to respond to inquiries, etc.
4. To provide information about the Company's products and the Service.
5. To deal with actions that violate the terms and conditions, policies, etc., of the Service (hereinafter referred to as "Terms, etc.").
6. To deal with disputes and litigation related to the Service.
7. To notify changes in the Terms, etc., related to the Service.
8. To analyze information on the usage of the Service by users, and to customize advertising delivery according to the user's age, occupation, gender, hobbies, etc.
9. To analyze information on the usage of the Service by users, conduct hearings, and utilize this information for the improvement of the Service and the development of new services.
10. To create statistical data in a format that does not allow individual identification, related to the Service.
11. For other purposes incidental to the above-mentioned purposes of use.

3. Methods of Collecting Personal Information

3.1 In providing the Service, the Company collects the following information from users of the Service by the methods listed below:

1. Information to be collected:
   (i) Email address and password required for using the Service, email address and password for content sites required for obtaining user information, and other specific personal identification information that users register.
   (ii) Device ID and other access logs that can identify users as specific individuals.
   
2. Methods of collection:
   (i) Method where the user enters information on the Service.
   (ii) Method where the user enters information on the inquiry form related to the Service.
   (iii) Method of collection when the user utilizes the Service.
   

3.2  The Company will retain the information specified in Article 3.1 (1) during the provision of the Service and even after the end of the provision of the Service. However, the Company shall endeavor to promptly delete such information when it is no longer necessary to use it.

4. Changes to the Purpose of Use of Personal Information

The Company may change the purpose of use of personal information within a range that can reasonably be deemed relevant. If there is a change, the Company will notify or announce to the individual who is the subject of the personal information (hereinafter referred to as "the Individual").

5. Use of Personal Information

5.1 Except in cases permitted by the Personal Information Protection Law and other laws and regulations, the Company will not handle personal information beyond the scope necessary to achieve the purpose of use without the consent of the Individual. However, this does not apply in the following cases:

1. When it is based on laws.
2. When it is necessary to protect the life, body, or property of a person, and it is difficult to obtain the consent of the Individual.
3. When it is particularly necessary for improving public health or promoting the sound growth of children, and it is difficult to obtain the consent of the Individual.
4. When it is necessary to cooperate with a national agency, a local government, or an Individual or an entity entrusted by them to perform affairs prescribed by laws, and obtaining the consent of the Individual is likely to impede the execution of the affairs.
5. When providing personal data to academic research institutions, etc., and it is necessary for such institutions to handle the personal data for academic research purposes (including cases where a part of the purpose of handling the personal data is for academic research purposes, excluding cases where there is a possibility of unjustly infringing the rights and interests of Individuals).
   

5. 2 The Company will not use personal information in ways that may promote or induce illegal or unjust acts.

6. Appropriate Acquisition of Personal Information

6.1 The Company will acquire personal information appropriately and will not acquire it by deception or other wrongful means.

6.2 Except in the following cases, the Company will not acquire sensitive personal information (which means information defined in Paragraph 3 of Article 2 of the Personal Information Protection Law) without obtaining the consent of the Individual in advance:

1. If it falls under any of the cases from number 1 to number 4 of Article 5.1.
2. When acquiring sensitive personal information from academic research institutions, etc., and it is necessary to acquire such information for academic research purposes (including cases where a part of the purpose of acquiring the sensitive personal information is for academic research purposes, excluding cases where there is a possibility of unjustly infringing the rights and interests of Individuals) (limited to cases where the personal information handling business operator and the academic research institution, etc., jointly conduct academic research).
3. When the sensitive personal information is made public by the Individual, a national institution, a local public entity, an academic research institution, etc., or those prescribed by the Personal Information Protection Committee rules according to Article 57, Paragraph 1 of the Personal Information Protection Law.
4. When acquiring sensitive personal information by visually observing or photographing the Individual, and it is evident from their appearance.
5. When receiving the provision of sensitive personal information from a third party, and the provision by the third party falls under any of the cases of Article 9.1.
   

6.3 When receiving the provision of personal information from a third party, the Company will confirm the following matters as prescribed by the Personal Information Protection Commission rules. However, this does not apply if the provision of personal information by the third party falls under any of the cases of Article 5.1 or Article 9.1:

1. The name or the name of the third party and address, and in the case of a corporation, the name of its representative (in the case of a non-corporate organization with a prescribed representative or manager, the name of that representative or manager).
2. The circumstances under which the third party acquired the personal information.

7. Security Management of Personal Information

The Company will conduct necessary and appropriate supervision over its employees to ensure the security management of personal information against risks such as loss, destruction, falsification, and leakage. Furthermore, when entrusting all or part of the handling of personal information, the Company will perform necessary and appropriate supervision to ensure that personal information is securely managed at the subcontractor. The specific contents of the safety management measures for the personal data held by the Company are as follows:

Establishment of Basic Policy

• To ensure the proper handling of personal data, this Privacy Policy has been established as a basic policy regarding "compliance with related laws and guidelines", "contact points for questions and complaint processing", etc.
• Organization of disciplines related to the handling of personal data.
• Establishment of handling procedures that define the methods of handling personal data, the person responsible, the person in charge, and their duties. 

Organizational Security Management Measures

• Clarification of storage locations and storage requirements according to the content of personal data.
• Implementation of internal security reviews regarding the handling status of personal data, etc.
• Development of a response flow, investigation, and reporting system in case of incidents such as leakage of personal data, etc.

Human Security Management Measures

• Regular internal education on information security, including personal data through training and drills.
• Physical security management measures
• When disposing of documents and electronic recording media containing personal data, etc., it is done in a way that cannot be restored or cannot be easily restored.‍

Technical Security Management Measures

• Access control is implemented by limiting the employees who are granted access rights to personal information on the cloud, etc. Identification and authentication of Individuals who have accessed personal data, etc., are carried out based on various log information linked to that ID.

8. Reporting in Case of Leakage

When there is an incident of leakage, loss, or damage of personal information handled by the Company, if it is necessary to report to the Personal Information Protection Commission and notify the Individual according to the provisions of the Personal Information Protection Law, such reporting and notification will be carried out.

9. Provision to Third Parties

9.1 Except in cases corresponding to any of the items in Article 5.1, the Company will not provide personal information to a third party without obtaining the Individual's prior consent. However, the following cases do not apply as provision to third parties as defined above:

1. When providing personal information as a result of entrusting all or part of the handling of personal information within the scope necessary to achieve the purpose of use.
2. When personal information is provided in conjunction with the succession of business due to a merger or other reasons.
3. When using personal information jointly based on the provisions of the Personal Information Protection Law.

9.2 Notwithstanding the provisions of Article 9.1, except in cases corresponding to any of the items in Article 5.1, when providing personal information to a third party in a foreign country (excluding countries specified by the Personal Information Protection Commission rules based on Article 28 of the Personal Information Protection Law), the Company will obtain the Individual's prior consent to the provision to the third party in the foreign country.

9.3 When obtaining the Individual's consent for the provision to a third party in a foreign country based on Article 9.2, the Company will provide the Individual with information on the following matters. However, if it is not possible to specify the matter in item 1, instead of the matters in items 1 and 2, information that the matter in item 1 cannot be specified and the reason for this, as well as any information that should be referred to by the Individual if available, will be provided.

1. The name of the relevant foreign country.
2. Information regarding the system for the protection of personal information in the relevant foreign country.
3. Information on the measures for the protection of personal information taken by the third party (if such information cannot be provided, the fact and the reason for this).

9.4 When the Company provides personal information to a third party, it will create and preserve records in accordance with Article 29 of the Personal Information Protection Law.

9.5 When receiving the provision of personal information from a third party, the Company will perform the necessary confirmation in accordance with Article 30 of the Personal Information Protection Law and will create and preserve records concerning such confirmation.

10. Disclosure of Personal Information, etc.

10.1 When the Company is requested to disclose personal information based on the provisions of the Personal Information Protection Law by the Individual, after confirming that the request is from the Individual themself, the Company will disclose the information to the Individual without delay (if the personal information does not exist, the Company will notify the Individual of that fact). However, this does not apply if the Company is not obligated to disclose the information under the Personal Information Protection Law or any other laws.

10.2 The provision of the preceding Article shall apply mutatis mutandis to the records related to the provision to a third party created based on Article 9.4 and the records related to the provision from a third party created based on Article 9.5, which pertain to personal information that can identify the Individual.

11. Correction, etc., of Personal Information

When the Company is requested by the Individual to correct, add, or delete (hereinafter referred to as "corrections, etc.") the content of personal information because it is not true based on the provisions of the Personal Information Protection Law, after confirming that the request is from the Individual themself, the Company will conduct the necessary investigation within the scope necessary to achieve the purpose of use without delay, and based on the results, make corrections, etc., to the content of the personal information and notify the Individual (if a decision is made not to make corrections, etc., the Company will notify the Individual of that decision). However, this does not apply if the Company is not obligated to make corrections, etc., under the Personal Information Protection Law or any other laws.

12. Suspension of Use, etc., of Personal Information

When the Company is requested by the Individual to suspend or erase the use of their personal information (hereinafter referred to as "suspension of use, etc.") because it is being handled beyond the scope of the previously announced purpose of use or used in a way that may promote or induce illegal or wrongful actions, or because the personal information was acquired through deception or other wrongful means, based on the provisions of the Personal Information Protection Law, or to stop the provision (hereinafter referred to as "suspension of provision") because the personal information was provided to a third party without the Individual's consent, or if the Company no longer needs to use the Individual's personal information, if a situation prescribed in the main text of Article 26, Paragraph 1 of the Personal Information Protection Law occurs regarding the Individual's personal information, or if there is a reason to believe that the handling of the Individual's personal information may harm the Individual's rights or legitimate interests, and if it is found that there is a reason for the request, after confirming that the request is from the Individual themself, the Company will immediately suspend the use or provision of personal information and notify the Individual. However, this does not apply if the Company is not obligated to suspend the use or provision under the Personal Information Protection Law or any other laws.

13. Provision of Related Personal Information to Third Parties

13.1 The Company will not provide related personal information (which means what is defined in Article 2, Paragraph 7 of the Personal Information Protection Law, and is limited to what constitutes a related personal information database, etc. as defined in Article 16, Paragraph 7 of the same law. Hereinafter the same.) to a third party as personal data, without first confirming the following matters as prescribed by the Personal Information Protection Commission rules, except in the cases listed in each item of Article 5.1:

1. That the third party's consent to receive the related personal information from the Company and acquire it as personal data that identifies the Individual has been obtained.
2. In the case of provision to a third party in a foreign country, that the Individual has been provided with information that should be referred to by the Individual about the system for the protection of personal information in the relevant foreign country and the measures for the protection of personal information taken by the third party, as prescribed by the Personal Information Protection Commission rules when attempting to obtain the Individual's consent as mentioned in the preceding item.

13.2 When the Company provides related personal information to a third party, it will create and preserve records in accordance with Article 31 of the Personal Information Protection Law.

13.3 When the Company receives the provision of related personal information from a third party, it will perform the necessary confirmation in accordance with Article 31 of the Personal Information Protection Law and will create and preserve records concerning such confirmation.

14. Use of Cookies and Other Technologies

14.1 The Service may use cookies and similar technologies. These technologies are useful for grasping the usage status of the Service by the Company and contribute to the improvement of the Service. Users who wish to disable cookies can do so by changing the settings of their web browsers. However, please note that disabling cookies may result in some functions of the Service becoming unavailable.

14.2 The Company may use Google Analytics. Google Analytics may use cookies and similar technologies to collect data. The collected data is not used or recognized as personal information. For the mechanism by which Google Analytics collects and processes such data, please refer to the following. https://policies.google.com/technologies/partner-sites?hl=en

15. Inquiries

For requests for disclosure, opinions, questions, complaints, or any other inquiries regarding the handling of personal information, please contact us at the following: about.globify.com/contact

16. Continuous Improvement

The Company will periodically review the operational status regarding the handling of personal information and strive for continuous improvement. Accordingly, this Privacy Policy may be changed as necessary.

Updated as of January 5, 2024