Elix, Inc. (hereinafter referred to as “the Company”) recognizes the importance of personal information protection and complies with the Act on the Protection of Personal Information (hereinafter referred to as the “Personal Information Protection Act”). We will strive for appropriate handling and protection in accordance with our Privacy Policy (“Privacy Policy”). In addition, unless otherwise specified in this privacy policy, the definition of terms in this privacy policy complies with the provisions of the Personal Information Protection Act.
1.Definition of personal information
In this privacy policy, personal information shall mean personal information as defined by Article 2.1 of the Personal Information Protection Act.
2. Purpose of use of personal information
We use personal information for the following purposes.
- For the provision of our services
- For responding to inquiries and inquiries regarding our services
- For information on our products and services
- To respond to acts in violation of our terms, policies, etc. (hereinafter referred to as “Terms etc.”) regarding our services
- To notify of changes in the terms and conditions of our service
- For analysis of information related to user service usage status, to use it to improve our services, develop new services, etc.
- To conduct customer questionnaire surveys, monitoring, and interviews
- To conduct surveys required to promote and improve public relations and IR activities
- For employment management and internal procedures (about personal information of executives and employees), for selection and communication in recruiting activities (about personal information of applicants), for supporting the acquisition of the necessary entry visas and work permits
- For managing shareholders, company law and other legal procedures (about personal information of shareholders, holders of stock acquisition rights, etc.)
- In order to create statistical data that has been processed into a form that does not identify an individual in connection with our services
- For other purposes incidental to the above purpose of use
3.Change purpose of personal information usage
The Company may change the purpose of use of personal information within the range of reasonable recognition as having relevance, and if it changes, the individual who is the subject of personal information (hereinafter referred to as “the person”) Inform or announce.
4. Limitation of personal information usage
4.1 The Company do not handle personal information beyond the scope necessary for achieving the purpose of use without obtaining the consent of the person, except as permitted by the Personal Information Protection Act and other laws and regulations. However, this is not the case in the following cases.
- When based on laws and regulations
- When it is necessary to protect the life, body or property of a person and it is difficult to obtain the consent of the person
- When it is particularly necessary to improve public health or promote the sound development of children, and it is difficult to obtain the person’s consent
- In cases where it is necessary for a national organization or a local public entity or a person who receives the commission to cooperate in carrying out the office work prescribed by law, the execution of the office work by obtaining the consent of the person When there is a risk of affecting
- When personal data are provided to academic research institutes, etc., and the respective academic research institute needs to handle personal data for academic research (including when part of the purpose of handling the respective personal data is academic research, but excluding cases that may involve unreasonable infringement on an individual’s rights and interests.).
4.2 We will not use personal information in any way that may encourage or induce illegal or unjust acts.
5. Proper acquisition of personal information
5.1 We properly acquire personal information and do not acquire it by false or other fraudulent means.
5.2 We do not acquire sensitive personal information (meaning what is defined in Article 2, Paragraph 3 of the Personal Information Protection Act) without the consent of the person in advance except in the following cases.
- When it corresponds to any of the items in paragraph 4.1, Item (a) to Item (d)
- When sensitive personal information is obtained from academic research institutes, and when the academic research institute needs to handle the sensitive personal information for academic research (including when part of the purpose of handling the respective sensitive personal information is academic research, but excluding cases that may involve unreasonable infringement on an individual’s rights and interests) (Limited to cases in which the entity handling personal information and the academic research institute are conducting joint academic research.)
- The personal information required to be considered is disclosed by the person, a national organization, a local public entity, academic research institutes, etc.; a person listed in each item of Article 57, Paragraph 1 of the Personal Information Protection Act, or any person specified by the rules of the Personal Information Protection Committee If
- In the case of acquiring personal information in consideration that is clearly visible on the outside by observing the person or photographing the person
- In the case of receiving the provision of personal information requiring consideration from a third party, and the provision by the third party falls under any of the items in paragraph 8.1.
5.3 When receiving the provision of personal information from a third party, the Company will confirm the following matters in accordance with the rules of the Personal Information Protection Committee. Provided, however, that the provision of the personal information by the third party falls under any of the items in Section 4.1 or the items in any of Section 8.1.
- The name or address of the third party concerned, and the name of the representative (in the case of a non-corporate group that has a representative or custodian of a representative, the representative or custodian of the representative)
- Process of acquisition of the personal information by the third party
6. Safe management of personal information
We provide necessary and appropriate oversight to our employees so that personal information can be safely managed against risks such as loss, destruction, falsification and leakage of personal information. In addition, when outsourcing the handling of personal information in whole or in part, the Company will provide necessary and appropriate supervision so that the personal information can be managed safely at the outsourcing company.The details of specific safety management measures related to personal data held by the Company are as follows. Basic policy measures Formulate this privacy policy as a basic policy for “compliance with related laws and guidelines” and “contact details for questions and complaints” to ensure appropriate handling of personal data.
Establishment of rules for handling personal data
Establish basic handling methods for the acquisition, use, and storage of personal data. Organizational safety management measures
- Supervisors check that personal data are handled in accordance with the established handling methods.
- Establish a reporting and communication system from employees to supervisors.
Human safety management measures
- Conduct regular training for employees on points to note regarding handling of personal data.
- Describe matters regarding the maintenance of personal data confidentiality per Rules for the Management of Confidential Information.
Physical safety management measures
- Implement measures to prevent easy access to personal data by persons other than employees able to handle personal data and the relevant person.
- Adopt measures to prevent theft or loss of devices, electronic media, and paper documents that include personal data, and implement measures that prevent easy discovery of personal data when devices or electronic media are carried, including movement within the office area.
Technological safety management measures
- Identify the devices that are able to handle personal data and employees that handle those devices, to prevent unnecessary access to personal data.
- Introduce mechanisms that protect against unauthorized access from external sources or unauthorized software access to devices that handle personal data.
7. Reports in the event of a data leak
In the event of situations such as a leak, loss, or damage to personal information handled by the Company, we will report the event to the Personal Information Protection Committee and notify the relevant person in accordance with the provisions of the Personal Information Protection Act, when such actions are required.
8. Third party offer
8.1 We do not provide personal information to third parties without the prior consent of the person, except in cases where any of the items in paragraph 4.1 applies. However, the following cases do not fall under the provision to a third party specified above.
- In the case where personal information is provided along with entrustment of all or part of the handling of personal information within the range necessary for achieving the purpose of use
- When personal information is provided upon succession of business due to merger or other reasons
- In the case of joint use based on the provisions of the Personal Information Protection Act
8.2 Notwithstanding the provision of paragraph 8.1, except in cases where any of the items in paragraph 4.1 apply, the company is designated as foreign (specified by the rules of the Personal Information Protection Committee under Article 24 of the Personal Information Protection Act). The third party (except those who maintain a system that conforms to the standards specified in the Personal Information Protection Committee rules based on Article 24 of the Personal Information Protection Law) In the case of providing an offer, the consent of the person will be obtained in advance to acknowledge the offer to a third party located in a foreign country.
8.3 When the person’s consent has been obtained for the provision of information to a third party in a foreign country, pursuant to the provisions of 8.2, information on the following matters will be provided to the person. However, when the matters in Item (a) cannot be specified, we will state that the matters in Item (a) cannot be specified and its reason, also information that could serve as reference for the person in place of the matters in Item (a) and Item (b), and we will provide the relevant information.
- Name of the foreign country
- Information on systems related to the protection of personal information in the foreign country
- Information on measures to protect personal information adopted by the third party (if the information cannot be provided, the Company will state as such and state the reason).
8.4 When we provide personal information to a third party, we will create and store records in accordance with Article 29 of the Personal Information Protection Act.
8.5 When receiving the provision of personal information from a third party, the Company shall perform the necessary confirmation in accordance with Article 30 of the Personal Information Protection Act, and shall prepare and store a record pertaining to the said confirmation.
9. Disclosure of personal information
9.1 When the Company requests disclosure of personal information based on the Personal Information Protection Act, the Company will disclose it without delay, confirming that it is a request from the individual (We will notify you when the personal information does not exist.) However, this does not apply if the Company is not obligated to disclose due to the Personal Information Protection Act and other laws and regulations.
9.2 The provisions in the previous paragraph also apply to records about provision of personal information that identifies the person to third parties created based on the provisions of section 8.4, and records about provision of personal information that identifies the person from third parties created based on the provisions of section 8.5.
10. Correction of personal information, etc.
If the Company requests correction, addition or deletion (hereinafter referred to as “correction, etc.”) of its contents based on the provisions of the Personal Information Protection Act on the ground that the personal information is not true. Necessary surveys are conducted without delay within the range necessary for achieving the purpose of use after confirming that it is a request from the person himself, and the contents of personal information are corrected based on the results. We will notify the person to that effect (If we decide not to make corrections, we will notify the person to that effect.) However, this does not apply if the Company is not obligated to make corrections, etc. due to the Personal Information Protection Act or other laws and regulations.
11. Suspension of use of personal information, etc.
If (1) the Company is requested to suspend the use of or delete personal information (hereinafter referred to as Suspend Use) based on the provisions of the Personal Information Protection Act by the person, because the person’s personal information is handled beyond the scope of the purpose of use published in advance or because it is used in any way that may encourage or induce illegal or unjust acts, or the person’s personal information was obtained by false or other means of fraud; (2) the Company is requested to suspend provision of the personal information based on the provisions of the Personal Information Protection Act (hereinafter referred to as Suspend Provision), because the personal information was provided to a third party without the person’s consent; or (3) the Company no longer needs to use the person’s personal information, and is requested to Suspend Use or Suspend Provision based on the provisions of the Personal Information Protection Act because the events stipulated in Article 26, Paragraph 1 of the Personal Information Protection Act have occurred pertaining to the person’s personal information, or due to reasons applicable to cases in which the person’s rights or legitimate interests may be harmed by handling the person’s personal information, and when it is clarified that there is a reason for the request, and it has been confirmed that there has been such a request, we will Suspend Use or Suspend Provision of personal information without delay, and notify the person to that effect. However, this does not apply if the Company is not obligated to Suspend Use or Suspend Provision under the Personal Information Protection Act or other laws and regulations.
12. Use of cookies and other technologies
Our services may use cookies and similar technologies. These technologies help us to understand the use of our services and contribute to service improvement. Users who want to disable cookies can disable cookies by changing the settings of the web browser. However, disabling cookies may prevent you from using certain features of our service.
13. Contact us
For inquiries regarding disclosure requests, comments, questions, complaints, and other handling of personal information, please contact the contact below.
Daini Togo Park Building 3F, 8-34 Yonbancho, Chiyoda-ku, Tokyo 102-0081 Japan
To Elix, Inc. Corporate Planning Department
14. Continuous improvement
We will review the operation situation regarding the handling of personal information as appropriate and strive for continuous improvement, and may change this privacy policy as necessary.
[Amend on April 1, 2022]
[Set on February 28, 2019]