1．Definition of personal information

Personal information means information relating to a living individual as stipulated in the Act on the Protection of Personal Information (information containing a name, date of birth, or other descriptions etc. whereby a specific individual can be identified and information containing an individual identification code).

2．Purpose of use

We shall be entitled to use the collected personal information for any of the following purposes:

1. Individual certification of users and provision of various services for users;
2. Distribution of various communications and notices associated with the use of users;
3. Contacting and sending a variety of questionnaires, etc., to users, collecting questionnaires from users who have agreed to the questionnaire separately, and executions of work:
4. Contacting and implementation of various campaigns, etc., to users;
5. Distribution of information such as e-mail magazines and various news, etc., to users;
6. Responding to users ‘opinions and inquiries regarding this service;
7. Other matters incidental to each of the preceding items above.;

3．Restriction on the Use of Personal Information

We will not (shall not) handle personal information beyond the scope necessary to achieve the objective of use without the prior consent of the principal. However, this shall not apply to (any of) the following cases:

1. Cases based on laws and regulations
2. Cases in which there is need to protect a human life, body, or fortune, and when it is difficult to obtain a principal’s consent
3. Cases in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain the principal’s consent.
4. Cases in which there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining a principal’s consent would interfere with the performance of the said affairs

4．Appropriate acquisition of personal information

We shall obtain personal information appropriately, but not by deception or any other wrongful means.

5．Notice of Purpose of Utilization upon Acquisition of Personal Information

We shall disclose the objective of use of personal information in advance. However, this shall not apply to any of the following cases:

1. Cases in which there is a possibility that informing a principal of, or disclosing to the public, a utilization purpose would harm a principal or third party’s life, body, fortune or other rights and interests
2. Cases in which there is a possibility that informing a principal of, or disclosing to the public, a utilization purpose would harm the rights or the legitimate interest of the said personal information handling business operator
3. Cases in which there is a need to cooperate in regard to a central government organization or a local government performing affairs prescribed by laws and regulations, and when there is a possibility that informing a principal of, or disclosing to the public, a utilization purpose would interfere with the performance of the said affairs
4. Cases in which it can be recognized, judging from the acquisitional circumstances, that a utilization purpose is clear

6．Supervision of Trustees

When we entrust all or part of handling personal information to a outsourcee, we shall require the outsourcee to conclude an contract including confidentiality, and shall exercise necessary and appropriate supervision to ensure the safe control of personal information by the outsourcee.

7．Restriction of Provision to a Third Party

1. Except in the following cases, we will not provide personal information to any third party without the prior consent of the principal.
   1. Cases based on laws and regulations
   2. Cases in which there is a need to protect a human life, body or fortune, and when it is difficult to obtain a principal’s consent
   3. Cases in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain a principal’s consent
   4. Cases in which there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining a principal’s consent would interfere with the performance of the said affairs
   5. Cases permitted by the Act on the Protection of Personal Information and other laws and regulations
2. The following cases do not fall under the category of a third party prescribed in the previous paragraph.
   1. Cases in which personal information is provided accompanied by a personal information handling business operator entrusting a whole or part of the handling of the personal data within the necessary scope to achieve a utilization purpose
   2. Cases in which personal information is provided accompanied with business succession caused by a merger or other reason
   3. Cases in which personal information to be jointly utilized by a specified person is provided to the specified person, and when a principal has in advance been informed or a state has been in place where a principal can easily know to that effect as well as the categories of the jointly utilized personal information, the scope of a jointly utilizing person, the utilization purpose for the utilizing person and the name or appellation of a person responsible for controlling the said personal information

8． Disclosure of Personal Information

We shall disclose personal information without delay when requested by the user, after confirming such request is made by the user yourself.

Provided that if disclosing fall into any of the following cases, we shall notify such decision without delay.

1. Cases in which there is a possibility of harming a principal or third party’s life, body, fortune or other rights and interests
2. Cases in which there is a possibility of interfering seriously with the said personal information handling business operator implementing its business properly
3. Cases of violating other laws and regulations

9． Correction of Personal Information

If the user request the correction, addition, or deletion of the personal information on the ground that it is not correct, We shall confirm that the request is made the user yourself and then shall conduct necessary investigations without delay within the scope necessary for the achievement of the purpose of use, shall correct, add, or delete the contents of the personal information based on the results of such investigations and notify the user of this amendment accordingly.

10. Suspension of Use of Personal Information, etc.

If the user requests the suspension or deletion of the personal information (hereinafter referred to as “suspension of use, etc.” ) on the ground that itis handled beyond the range of use of purpose previously publicized or the personal information is acquired by deception or any other wrongfully means, we shall confirm that the request is made by the user yourself and then shall conduct necessary investigations without delay, and based on the result, conduct suspension of use, etc. and then notify the user accordingly.

Provided, however, that in cases where it is difficult to suspend the use of personal information due to high costs or other reasons, we may take an alternative means, necessary to protect the rights and profit of the user if available. If the user’s request does not comply with the requirements of the Act on the Protection of Personal Information, we may be unable to meet the user’s request. In addition, we may charge an additional fee to respond to the user’s request.

11．( Security Control Action )

We takes the following measures to ensure the security of personal data (personal information that constitutes a “personal information database, etc.” as defined in the Act on the Protection of Personal Information) held by us.

1. Establishment of basic policies
   In order to ensure the proper handling of personal data, we have formulated basic policies regarding compliance with related laws and guidelines, inquiry desk for questions and complaints, etc.
2. Establishment of the Handling Rules for Security Control of Personal Data
   We have established the handling rules for security control of personal data, including handling methods, responsible persons, persons in charge, and their duties, at each stage of acquisition, use, storage, provision, deletion, disposal, etc.
3. Institutional Safety Control Measures:
   In addition to appointing a person in charge of the handling of personal data, we have clarified the scope of employees handling personal data and the scope of personal data handled by such employees, and a reporting and communication system to the person in charge in the event that facts or signs of violations of laws or handling regulations are detected
4. Human Security Control Measures
   We have provided periodic training to employees on precautions regarding the handling of personal data. We have included matters concerning confidentiality of personal data in employment contracts, etc.
5. Physical Security Control Measures
   In areas where personal data is handled, we have implemented access control for employees and restrictions on equipment brought in, and taken measures to prevent unauthorized persons from viewing personal data.
6. Technical Security Control measures
   We have implemented access control to limit the scope of personnel in charge and the personal information databases handled. Also, we have introduced a system to protect information systems that handle personal data from unauthorized access from outside or unauthorized software.

12. ( Name and address of the business operator handling personal information and the name of its representative )

foriio Inc.
The Corner SHINJUKU 5F, Shinjuku 5-chome-10-15, Shinjuku-ku, Tokyo
160-0022, Japan Hirohito Yamada, Representative Director

13. ( Contact Us )

Please contact the following for inquiries regarding personal information.
support@foriio.com