Effective Date: 2020-06-12
The Service uses blockchain technology "Hyperledger Iroha" to strictly manage TLS-encrypted user information provided by users and provides users with a trading environment for virtual currencies that can be used in the University of Aizu cafeteria and bookstore. Applications for the Service will be used to pay for actual goods and services.
The definitions of words and phrases used in this Policy are subject to the Act on the Protection of Personal Information and related laws and regulations, except for those specifically defined in the text. 1. Compliance with relevant laws, regulations, guidelines
The company will comply with the Personal Information Protection Act and other related laws, guidelines set forth by the Personal Information Protection Committee, and this policy, and will acquire user information, including user personal information, by appropriate means and handle the acquired User Information appropriately. 2. Name, contact information
Name of business: Soramitsu, Co., Ltd.
Contact: as described in 10. 3. User Information to be Collected and Method of Collection
For purposes of this Policy, "User Information" means information identifying users, history of actions in the Service and other information created or accumulated in relation to users or their devices such as smartphone or PC et., that are collected by the Company pursuant to this Policy.
The User Information that the Company may collect in the course of the Service is as follows, depending on the method of collection.
(1) Information provided by the user
The information to be provided by the user for or through the use of the Service is as follows:
a. name, date of birth, sex, occupation, student ID and other profile information;
b. e-mail address, telephone number, address and other contact information;
c. information of image containing the user's portrait; and
d. information transmitted by the user through entrance forms or other methods specified by the Company.
(2) Information automatically collected by the Company in the course of the user's use of the Service
The Company may collect information regarding access to or use of the Service, which includes the following.
a. date and time of the Applications use
b. information regarding server access logs
c. IP addresses (b. Collected in the form of inclusion in the server access logs)
d. screen usage report
e. Information on devices such as smartphones and PCs
f. anonymized crash information reports
(3) Information collected based on user's individual consent by the Company in the course of the user's use of the Service
a. The QR Code image and metadata (file format, image size, etc.) associated with the QR Code image only when access to the photo library on the user's smartphone or PC device is permitted. 4. Purpose of Use
Specific purposes of use of the User Information for the provision of the Service are as follows:
a. Provision, maintenance, protection and improvement of the Service, including but not limited to acceptance of registration for the Service, identification, record of user settings and payment of use fees that are related to the Service;
b. Measurement of traffic and actions of the user
c. Guidance and response to inquiries relating to the Service;
d. Addressing a violation of rules, regulations or policies of the Company relating to the Service (the "Rules");
e. Notice of modification to the Rules or related matters;
f. Reading and saving QR codes related to the Service;
g. Sending emails to the users; and
h. Purposes incidental to the above purposes of use. 5. Method of Notice, Publication and Consent; Method of Requiring Discontinuance of Use
(1) The user's consent must be obtained before collecting the following User Information;
a. access rights to the photo library on the user's smartphone or PC device.
(2)The user may require the Company to discontinue the collection or use of the all or a part of the User Information by choosing the applicable setting as prescribed in the Service, and promptly upon such request the Company shall discontinue such collection or use in accordance with the rules prescribed by the Company. Certain User Information is necessary to be collected or used for providing the Service, and the Company shall discontinue such collection or use of the User Information only if the user withdraws from the Service pursuant to the procedures as determined by the Company. 6. Outside Transmissions; Information Collection Modules
(1) Outside Transmissions
Information acquired by the Company based on the above 3 (excluding the information pertaining to 3(3)) will be transferred to the Company's server or the server of the provider of the information collection module as described in (2) below, using TLS encryption technology, and will be used within the scope of the purpose of the Service.
(2) Information Collection Modules
The following information collection modules are incorporated into the Service. Thus, the Company provides the User Information to the providers (including but not limited to those outside Japan) of such information collection modules in accordance with the following descriptions:
a. Name of Information Collection Module ：Firebase SDK
b. Provider of Information Collection Module：Google LLC
The Company shall not provide to and share with any third party (including the same outside Japan) personal information contained in the User Information without the prior consent of the user, except where such provision is required due to any of the following circumstances. In the case that the Company provides user information that does not fall under the category of personal information to a third party, the Company will provide such user information after anonymizing it.
(1) The Company authorizes such third party to handle the personal information in whole or in part to the extent necessary to accomplish the purpose of the use;
(2) The personal information is provided through a business transfer by way of merger or other similar transactions;
(3) The Company is required to cooperate with state or local governmental organizations or their agents to perform their duties or obligations pursuant to applicable laws and regulations, and such performance is likely to be precluded if the consent of the user must be obtained; and
(4) In addition to the foregoing, the Company is entitled to provide information pursuant to the Act on the Protection of Personal Information or other applicable laws and regulations. 8. Disclosure of Personal Information
Upon request from the user to disclose its personal information under the Act, the Company shall, without delay, disclose to the user such information (or, in the event of non-existence of such personal information, notify the user to that effect) after confirming that the request is made by the user itself, to the extent required to do so under the Act and other applicable laws and regulations. 9. Correction, Suspension and Deletion of Use of Personal Information
(1) Correction and Suspension of Use of Personal Information
If the Company is required pursuant to the provisions of the Act by the user to (a) correct the content of personal information due to the reason that such information is false, or (b) suspend use of personal information due to the reason that such information is being handled beyond the scope of the purpose of the use previously made public, or has been collected in a fraudulent or otherwise illicit manner, then the Company shall, without delay after confirming that the request is made by the user itself, conduct an appropriate investigation and based upon the results thereof, correct the content or suspend the use of such personal information, and notify the party to that effect. In cases where the Company decides not to make such correction or suspension of the use, the Company shall notify the user to that effect.
(2) Deletion of Use of Personal Information
In the event that the Company is required by the user to delete its personal information and has determined that it is necessary to accept such request, the Company shall, after confirming that the request is made by the user itself, delete such personal information and notify the party to that effect.
Should the Company not be obligated to correct, or suspend use of, information under the Act on the Protection of Personal Information and other applicable laws and regulations, Sections (1) and (2) shall not apply. 10. Inquiries
Any suggestions, questions, complaints, or other inquiries on the handling of the User Information must be submitted to:
[Address] Jingumae Tower Building, 1-5-8 Jingumae, Shibuya-ku, Tokyo 150-0001, Japan
[Company Name] Soramitsu Co., Ltd.
[Name of Responsible Person for Handling User Information] Kazumasa Miyazawa
[Contact Information] firstname.lastname@example.org 11. Personal information of minors.
This Policy shall be executed in the Japanese language. Japanese shall be the governing language and any translation of this Policy into any other language is for convenience of reference only and shall not bind the parties hereto.
[Prescribed on June 12, 2020]