Chapter 1 Handling of Personal Information at GRADUS inc.
GRADUS inc. (hereinafter referred to as the "Company") shall comply, regarding the importance of data privacy protection, and in order to maximize public confidence in its business, with the Act on the Protection of Personal Information (Personal Information Protection Law) and other related laws and regulations, handle personal information appropriately and take action for security management.
We will also ensure that personal information is not mishandled, and will properly educate and supervise employees on the appropriate handling of personal information.
The Company will promptly respond to inquiries and complains regarding personal information, and will also continue to review and improve the handling of personal information and our methods for secure management.
2. Scope of Application
3. Purpose of Use
The Company shall only collect personal information to the extent necessary for providing, maintaining and upgrading the Services and for operating Services. The Company uses personal information for the following purposes. It will not be used for any other purpose.
Provision, maintenance and upgrade of the Services and operation of other Services, and provision of services incidental or related thereto.
4. Personal Information Acquired from Users
The Company may acquire the following personal information from users who use the Services.
Name, address and telephone number;
Email address, user ID and delivery information;
Other information which users enter into the form designated by the Company; or
5. Provision of Personal Information to Third Parties
The Company will never provide any personal information to third parties without consent from users, except in the following cases
When the Company has received a formal request for inquiry under laws and regulations from official authorities such as a court or the police;
When it is found that there is an imminent danger to the life, body, or property, etc. of an person and there is an urgent need to provide personal information of such person;
When it is found necessary to provide or share the information for the provision of service(s) which user desires to receive;
When companies entrusted by the Company require the information in order to provide service(s) to users (These companies are not allowed to use the personal information provided by the Company beyond the extent necessary for such purposes.）;
When user has agreed to provide own personal information to a third party.
6. Measures for Security Control of Personal Information
The Company will take appropriate actions to keep personal information accurate and up-to-date.
The Company endeavours to take reasonable measures to protect personal information from unauthorized access, loss, destruction, alteration, or leakage, etc.
It should be noted, that also entrusted subcontractors that handle personal information perform the same strict management. In the event personal information is compromised in any way, the Company will respond quickly and appropriately.
7. Retention Period
The Company shall establish a retention period for the users’ personal information to the extent necessary in accordance with the purpose of use, and promptly delete and dispose the users’ personal information after the expiration of the retention period or after the purpose of use has been achieved.
8. Rights of Users
Users may request the Company to disclose, correct, discontinue using, or delete their own personal information. For further details, users may contact us through the following contact details regarding personal information management. Users residing in some countries including the European Economic Area have the right to submit an inquiry or file a complaint to our lead supervisory authority under the applicable laws and regulations.
For any inquiries regarding the handling of personal information, please contact the following.
Picasso Sakaisuji-Hommachi Bld.2F, 1-8-8, Bakurou-machi, Chuo-ku Osaka-shi, 541-0059
Chapter 2 Handling of Personal Information of EEA Residents
With respect to the handling of personal information of users residing in the European Economic Area consisting of the European Union (EU), Norway, Iceland and Liechtenstein (hereinafter referred to as “EEA”) (hereinafter referred to in this Chapter as the “Users”), the REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive “95/46/EC (hereinafter referred to as “GDPR”) shall apply after May 25, 2018. Besides Chapter 1, Chapter 2 also shall be applied to the handling of personal information of users residing in the EEA. In the event any provisions of this Chapter contradict those of Chapter 1, the provisions of this Chapter shall prevail.
2. Purpose of Processing Personal Information
The Company shall collect and process personal information of the Users necessary to provide, maintain and upgrade the Services and to operate other Services only for the following purposes.
Preparation and renewal of user account;
Sending merchandise through the Services;
Provision of information through the Services;
Internal operations required to provide the Services (including the maintenance and management of the system, and troubleshooting for operational problems);
Confirmation of application to subscribe to the Company’s e-mail magazine service and delivery of such e-mail magazine; or
Operation of other Services and provision of services incidental or related thereto.
3. Grounds for Processing Personal Information
The Company shall process personal information of the Users in accordance with the following grounds.
Provision of the Services to Users
The Company must collect and use the following information to provide the Services to the Users.
Profile information necessary to prepare a user account (including the name, address and telephone number of the Users); and
Information necessary to enable the Users to purchase and sell, send, receive, etc. merchandise through the Services (including user ID and delivery information).
Consent from Users
The Company may collect or use personal information of the Users, such as IP addresses and Cookies, with the consent of such Users.
4. User’s Rights
The Users of the Services may request the Company to do the following:
Revocation of consent
As long as the processing of personal information is based on the User’s consent, such Users have the right to revoke their consent in relation to their personal information at any time.
Access to personal information
The Users have the right to seek explanation relating to their personal information. The Users also have the right to receive a copy of their personal information held by the Company.
Correction and deletion of personal information
The Users have the right to seek correction and deletion of their personal information held by the Company.
Restriction on processing
The Users have the right to request the Company to restrict the processing of their personal information.
Right of data portability
The Users have the right to receive their personal information in a structured, commonly-used, and machine-readable format. The Users also has the right to transfer their own personal information in a structured, commonly-used, and machine-readable format to any third party designated by the User.
The Users have the right to file a complaint to a supervisory authority at any time. The Users may be able to check for supervisory authorities with respect to data protection in respective countries. http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
5. Collection of Personal Information while Browsing through the Company’s Website
Information collected by the Company
For the purpose of providing, maintaining, and upgrading the Services or for the purpose of operating other Services, the Company shall collect IP addresses, Cookies, individual identification information of terminals of the Users who came to the Company’s website for the use of the Services. This function of collecting data may be blocked by disabling Cookies; therefore, please check your browser settings. Please note that if Cookies are disabled, it may have some effect on the performance of the Company’s website, and the Company may not be able to provide services or functions expected by the Users.
Third party Cookies
Please refer to the following URL for the details of Cookies used by the Google Analytics on the website. https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
Please refer to the following URL for the method on how to block the Google Analytics tracking.
6. Retention Period
The Company shall establish a retention period for the Users’ personal information to the extent necessary in accordance with the purpose of use, and promptly delete and dispose the Users’ personal information after the elapse of the retention period or after the purpose of use has been achieved.
7. Scope of Recipients
The Users’ personal information held by the Company may be disclosed, as below, to third parties other than the Company:
(1) Personal information to be disclosed
The name, address, and telephone number of the Users of the Services who desire to purchase
The name and e-mail address of the Users of the Services
(2) Persons to whom personal information will be disclosed
Users who accept purchase requests
Companies which provide the Service or the e-mail magazine service on behalf of the Company
(3) Period of disclosure
The period from the time of acceptance of a purchase request until merchandise arrives to the Users who desires to purchase.
During the period when the User is using the Service or the e-mail magazine service
As mentioned above, persons who is disclosed User’s personal information (i.e., item (2) above) may not disclose such personal information of the Users (i.e., item (1) above) to any third parties without consent of the Users.
8. Transfer to Outside of the EEA
The Company may provide the Users’ personal information to cloud vendors located outside the EEA (in the U.S.) within the purposes set forth in Chapter 1, Article 3 and Chapter 2, Article 2 hereof. In such case, the Company shall take appropriate protective measures such as executing data processing contracts with such cloud vendors and provide an appropriate level of protection of the Users’ personal information.