Soramitsu CBDC Privacy Policy

Soramitsu CBDC Privacy Policy

Soramitsu, Co., Ltd. (the "Company") sets forth this Privacy Policy (this "Policy") with regard to the treatment of information related to the User, including but not limited to personal information, in the course of the performance of Service provided through the Soramitsu CBDC smartphone application (the “Application”) by the Company (the "Service"), as follows:

The Service uses proprietary blockchain technology "Hyperledger Iroha 2" to strictly manage TLS-encrypted user information provided by users and provides users with a trading environment for virtual currencies that can be used in Japan.

The definitions of words and phrases used in this Policy are subject to the Act on the Protection of Personal Information (APPI) and other related laws and regulations of Japan, except for those specifically defined in the text.

1. Compliance with relevant laws, regulations, guidelines

The company will comply with the laws and regulations of Japan and this policy, and will acquire user information, including user personal information, by appropriate means and handle the acquired User Information appropriately.

2. Name, contact information

Name of business: Soramitsu, Co., Ltd.
Contact: as described in section 12.

3. User Information to be Collected and Method of Collection

For purposes of this Policy, "User Information" means information identifying users, history of actions in the Service and other information created or accumulated in relation to users or their smartphone devices, that are collected by the Company pursuant to this Policy.

The User Information that the Company may collect in the course of the Service is as follows, depending on the method of collection.

1. Information provided by the user.
The information to be provided by the user for the use of the Service is as follows:
a. Name, date of birth, sex, occupation, and other profile information;
b. Telephone number, address and other contact information;
c. Information of image containing the user's portrait;
d. Information transmitted by the user through registration and verification or other methods specified by the Company.
2. Information provided by the user for Application authentication by means of proprietary services.
The information to be provided by the user any time they log in to their personal Application account designated for the use of the Service by means of proprietary services is as follows:
a. Email address.
3. Information provided by the user for Application authentication by means of Google services.
The information to be provided by the user any time they log in to their personal Application account designated for the use of the Service by means of Google services is optional, and includes the following:
a. Email address;
b. Name on their Google account profile.
4. Information automatically collected by the Company in the course of the user's use of the Service.
The Company may collect information regarding access to or use of the Service, which includes the following:
a. Date and time of the Application's use;
b. Information regarding server access logs;
c. IP addresses (collected in the form of inclusion in the server access logs);
d. Screen usage report;
e. Information on devices such as smartphones and PCs;
f. Anonymized crash information reports.
5. Information collected based on user's individual consent by the Company in the course of the user's use of the Service.
a. The QR Code image and metadata (file format, image size, etc.) associated with the QR Code image only when access to the photo library on the user's smartphone or PC device is permitted.
6. Special requirements for accounts willing to pass voluntary account verification for purposes of removing transaction limits or similar functionality of the Application.
For exclusively this purpose, the Company may collect additional information by means of accessing digital files stored on the user’s smartphone device, and containing photo or scanned copies of legal documents, including:
a. Personal ID (e.g., passport, driver's license, etc.).

4. User Information Shared Between Application Users

The only information shared between users of the Application is their personal unique Account ID. The Application provides no interface or functionality for sharing any other type of user information.

5. Purpose of Use

Specific purposes of use of the User Information for the provision of the Service are as follows:
1. Provision, maintenance, protection and improvement of the Service, including but not limited to acceptance of registration for the Service, identification of user settings and payment of use fees that are related to the Service;
2. Measurement of internet traffic volume and actions of the user, only related to the use of Application;
3. Reading and saving QR codes related to the Service;
4. Guidance and response to inquiries relating to the Service;
5. Addressing a violation of rules, regulations or policies of the Company relating to the Service;
6. Notice of modification to the Rules or related matters;
7. Sending emails to the users, these exclusively contain notifications related to the use of the Service;
8. Purposes incidental to the above purposes of use.

6. Explicit Exclusions from Purpose of Use

The Company does not collect, use, or share User Information for any advertising-related activities. Its data collection and use practices are focused solely on providing and improving the Service, and the Company is committed to protecting the privacy and security of User Information related to all of its users.

Specific purposes of use of the User Information for the provision of the Service explicitly exclude the following:
1. Serving targeted advertisements;
2. Creating user profiles for ad targeting;
3. Selling or renting User Information to third-party advertisers.

7. Method of Notice, Publication and Consent; Method of Requiring Discontinuance of Use

1. The user's consent must be obtained before collecting the following user information:
a. Access rights to the photo library on the user's smartphone device.
b. Access rights to the camera on the user’s smartphone device, and the data that contains photo and video imagery captured by the camera during the Application use.
2. The user may require the Company to discontinue the collection or use of all or part of the User Information by contacting the Company by means of postal or electronic mail, and promptly upon such request the Company shall discontinue such collection or use in accordance with the rules prescribed by the Company. Certain User Information is necessary to be collected or used for providing the Service, and the Company shall discontinue such collection or use only if the user withdraws from the Service pursuant to the procedures as determined by the Company.

8. Outside Transmissions; Information Collection Modules

1. Outside Transmissions.
Information acquired by the Company based on the clause 3 above will be transferred to the Company's server or the server of the provider of the information collection module as described in 8.2, using TLS encryption, and will be used within the scope of the purpose of the Service.
2. Information Collection Modules.
The following information collection modules are incorporated into the Service. Thus, the Company provides the User Information to the providers (including but not limited to those outside Japan) of such information collection modules in accordance with the following descriptions:
a. Name of Information Collection Module: Firebase SDK
b. Provider of Information Collection Module: Google LLC
c. Purposes of Use by above Provider: To notify Users; to survey trends on use.

9. Provision of Personal Information to Third Parties

1. The Company shall not provide personal information to any third party (including those outside Japan) without the prior consent of the user, except where such provision is required due to any of the following circumstances. In the case that the Company provides user information that does not fall under the category of personal information to a third party, the Company will provide such user information after anonymizing it.
2. The Company authorizes such third party to handle the personal information in whole or in part to the extent necessary to accomplish the purpose of the use.
3. The Company is required to cooperate with state or local governmental organizations or their agents to perform their duties or obligations pursuant to applicable laws and regulations, and such performance is likely to be precluded if the consent of the user must be obtained;
4. In addition to the foregoing, the Company is entitled to provide information pursuant to the laws and regulations of Japan or other applicable laws and regulations.

10. Disclosure of Personal Information

Upon request from the User to disclose its personal information under the laws and regulations of Japan, the Company shall, without delay, disclose to the user such information (or, in the event of non-existence of such personal information, notify the user to that effect) after confirming that the request is made by the user itself, to the extent required to do so under the laws and regulations of Japan.

11. Correction, Suspension of Use of Personal Information

If the Company is required pursuant to the provisions of the laws and regulations of Japan by the user to a.) correct the content of personal information due to the reason that such information is false, or b.) suspend use of personal information due to the reason that such information is being handled beyond the scope of the purpose of the use previously made public, or has been collected in a fraudulent or otherwise illicit manner, then the Company shall, without delay after confirming that the request is made by the user itself, conduct an appropriate investigation and based on the results thereof, correct the content or suspend the use of such personal information, and notify the party to that effect.

12. Inquiries

Any suggestions, questions, complaints, or other inquiries on the handling of the User Information must be addressed to:
a. Address: Link Square Shinjuku 16F, 5-27-5 Sendagaya, Shibuya-ku, Tokyo 151-0051, Japan
b. Company Name: Soramitsu Co., Ltd.
c. Contact Information: info@soramitsu.co.jp

13. Procedure to Amend this Privacy Policy

The Company may amend this Privacy Policy as necessary; provided, however, that in the event of an amendment to this Privacy Policy that legally requires the consent of the user, the Company shall inform the effective time and content of the amended Privacy Policy by posting on the website of the Company or other appropriate way, or notify the user of the same.

This Policy shall be executed in the English language. English shall be the governing language and any translation of this Policy into any other language is for convenience of reference only and shall not bind the parties hereto.