Privacy Policy
A3 Inc. (the “Company”, “we”, “our”, “us”) promotes the protection of personal information by establishing the following privacy policy regarding the handling of personal information of the Users of the Company's services (the “User”) and ensuring that all employees are fully aware of the importance of protecting personal information.
Article 1 (Personal Information)
Personal information means information about a living individual that can identify a specific
individual by name, date of birth, or other description, etc., or that contains a personal
identification code, as defined in the Act on the Protection of Personal Information (Act No. 57 of
2003, the “Personal Information Protection Act”).
Article 2 (Acquisition and Use of Personal Information)
The Company acquires personal information of the User and uses the acquired information to the
extent necessary for the following purposes. If the Company intend to use personal information
beyond the scope of the following purposes, the Company will obtain prior consent from the User in
an appropriate manner.
(1) To provide our services (the “Service”)
(2) To improve and enhance the contents of the Service or develop new services
(3) To provide information on new features, updates, campaigns, etc. of the Service and other
services provided by the Company (including sending e-mails, flyers, and other direct mailings)
(4) To contact as necessary for maintenance, important notices, etc.
(5) To respond to opinions, inquiries, etc. from the User regarding the Service (including to
confirm the identity of the User)
(6) To report to the User on the use of the Service
(7) To request the User’s cooperation in surveys, interviews, and participation in various events
related to the Service, or to report the results of such events, etc.
(8) To research and analyze the usage history of the Service and use the results to improve and
develop the Service and to deliver advertisements
(9) Provision of personal information to companies participating in events hosted by the Company
based on the User's consent or application
(10) To identify Users who violate the Terms of Use or who attempt to use the Service for fraudulent
or unfair purposes, and to refuse their use of the Service.
Article 3 (Management and Protection of Personal Information)
Personal information shall be strictly managed and shall not be disclosed or provided to any third
party without the consent of the User, except in the following cases. In addition, in consideration
of safety, we will take measures to prevent and correct risks such as unauthorized access to
personal information, loss, destruction, falsification, and leakage of personal information.
(1) When it is necessary for the protection of a person's life, body, or property and it is
difficult to obtain the User's consent.
(2) Cases in which the provision of personal information is particularly necessary for improving
public health or promoting the sound growth of children and in which it is difficult to obtain the
User's consent.
(3) Cases in which it is necessary to cooperate with a national agency, a local government, or an
individual or entity entrusted by either a national agency or local government to execute affairs
prescribed by law, and in which obtaining the User's consent is likely to impede the execution of
such affairs.
(4) When all or part of the handling of personal information is outsourced within the scope
necessary to achieve the purpose of use, in order to facilitate the smooth performance of business
operations.
(5) Cases in which personal information is provided as a result of the succession of business due to
merger or other reasons.
(6) Cases in which personal information is used jointly with a specific person, and in which this
fact, the items of personal information to be jointly used, the scope of the joint Users, the
purpose of use by the User, and the name of the person responsible for the management of the
personal information is notified to the User in advance, or is made readily accessible to the User
or the name of the person responsible for the management of such personal information is made
readily accessible to the User in advance.
(7) Other cases permitted by laws and regulations
Article 4 (Entrustment of Handling of Personal Information)
The Company may outsource all or part of the handling of personal information within the scope
necessary to achieve the purpose of use. In such cases, the Company will thoroughly examine the
eligibility of the consignee, stipulate confidentiality obligations in the contract, and exercise
necessary and appropriate supervision over the consignee.
Article 5 (Disclosure of Personal Information)
When the Company is requested by the User (limited to the person himself/herself.) to disclose
personal information, the Company shall disclose such information to the User without delay.
However, if the Company decides not to disclose the information, it will notify the User to that
effect without delay.
(1) When there is a risk of harm to the life, body, property, or other rights or interests of the
User or a third party
(2) If there is a risk of significant hindrance to the proper conduct of our business
(3) Other cases that would violate laws and regulations
Article 6 (Correction and Deletion of Personal Information)
1. If the personal information in our possession is incorrect, we will correct or delete the
personal information at the request of the User in accordance with the procedures we have
established.
2. If we receive a request from the User as described in the preceding paragraph and deem it
necessary to respond to the request, we will correct or delete the relevant personal information
without delay and notify the User of such correction or deletion.
Article 7 (Suspension of Use of Personal Information)
When the Company receives a request from the User to stop using or delete (“stop using, etc.”)
his/her personal information in the following cases, the Company will conduct the necessary
investigation without delay and, based on the results, will suspend the use of personal information
in accordance with the law and notify the User. However, in cases where it is difficult to suspend
the use of personal information due to the large amount of costs involved or other difficulties in
doing so, and alternative measures can be taken to protect the rights and interests of the User, we
will take such alternative measures.
(1) Cases in which the purpose of use is handled in a manner that exceeds the scope of the intended
purpose of use.
(2) If the personal information was obtained by wrongful means.
(3) If the information is used in a manner that may encourage or induce illegal or unjust acts.
(4) When there is no longer use of the User's personal information.
(5) Leakage, loss, or damage (“leakage, etc.”) of personal information that includes personal
information requiring special consideration has occurred or is likely to occur.
(6) When there has been or is likely to be a leakage, etc. of personal information that may cause
property damage due to unauthorized use.
(7) When there has been or is likely to be a leakage, etc. of personal information that may have
been done for a wrongful purpose.
(8) When there has been or is likely to be a leakage, etc., of personal information involving more
than 1,000 persons.
(9) When there is a risk that the rights or legitimate interests of the User may be harmed by the
handling of said personal information.
Article 8 (Procedures for Changing Privacy Policy)
The Company will review the contents of this policy from time to time and strive to improve it. The
contents of this policy may be changed except as otherwise provided in laws and regulations or in
this policy. The revised Privacy Policy shall become effective when it is notified to the Users or
posted on the Company's website in a manner prescribed by the Company.
Article 9 (Compliance with Laws, Regulations and Norms)
The Company will comply with Japanese laws and regulations and other norms applicable to personal
information in our possession.
Article 10 (Response to complaints and concerns)
If the Company receives complaints and concerns from the User regarding the handling of personal
information, such responses to complaints and concerns shall be done in an appropriate and timely
manner. The Company will also respond promptly and appropriately to requests from Users for
disclosure, correction, addition, deletion, or refusal of use or provision of said personal
information.
Article 11 (Security Control Measures)
The Company takes organizational, physical, personnel, and technical measures to prevent
unauthorized access to personal information, loss, destruction, alteration, and leakage of personal
information by restricting access to personal information files, recording access logs, and
implementing security measures to prevent unauthorized access from outside the company. In the
unlikely event of an incident involving the leakage of Users' personal information, the Company
shall promptly report the incident to the regulatory authorities in accordance with the Personal
Information Protection Act and related guidelines, and take necessary measures to prevent similar
incidents from occurring or recurring, in accordance with the instructions of the relevant
regulatory authorities. For details, please refer to the attached "Security Control Measures for
Personal Information".
Article 12 (Address, Name of Representative, Personal Information Protection Manager)
Our address, the name of the representative and personal information protection manager are as
follows;
Address: Yamatane Ikebukuro Building 2F, 1-11-22 Minami Ikebukuro, Toshima-ku, Tokyo
Representative: Takashi Ozawa
Personal Information Protection Manager: Mitsuhisa Toya
Article 13 (Contact for Inquiries)
For inquiries regarding our handling of personal information, please contact the following;
A3 Inc. Customer Service Contact
〒 171-0022
Yamatane Ikebukuro Building 2F, 1-11-22 Minami Ikebukuro, Toshima-ku, Tokyo
TEL: 03-6903-1806
Mail: kanri@athree3.com
Attachment: Security Control Measures for Personal Information
We will endeavor to keep personal information of Users and others accurate and up-to-date, and will take the following necessary and appropriate security control measures by formulating a basic policy and rules for handling personal information.
1. formulation of basic policy
Establishing a basic policy regarding compliance with relevant laws, regulations, guidelines, etc.,
as well as a contact point for handling questions and complaints for ensuring the proper handling of
personal information.
2. Establishment of rules for the handling of personal information
Establishing rules for handling personal information, including handling methods, responsible
persons/persons in charge, and their duties at each stage of acquisition, use, storage, provision,
deletion, disposal, etc.
3. Organizational safety control measures
・Placing a person responsible for the handling of personal information, clarifying the employees who
handle personal information and the scope of personal information handled by such employees, and
establishing a system for reporting to the person responsible in the event that a violation of the
law or handling rules is detected or any indication of such a violation is detected.
・Conducting periodic self-inspections of the status of personal information handling, and conducting
audits by other departments or outside parties.
・Establishing a system to respond to incidents of leakage, etc.
4. Personnel safety control measures
・Ensuring that all employees are aware of the matters to be considered in handling personal
information, and providing education and periodic training.
・Prescribing confidentiality of personal information in the rules of employment and the pledge.
・Clarifying the roles and responsibilities of employees regarding protection of personal
information.
5. Physical security control measures
・Placing control access to the area where personal information is handled and limiting the equipment
and other items that employees may bring into the area.
・Implementing measures to prevent access to personal information by unauthorized persons.
・Implementing measures such as locking and encryption to prevent theft or loss of equipment,
electronic media, and documents that handle personal information.
6. Technical security control measures
・Designating the management classification of personal information and placing access
privileges.
・Managing the access privileges to personal information databases.
・Implementing measures to prevent leakage, damage, etc. of personal information.
・Implementing systems to protect personal information from unauthorized access from outside or
unauthorized software.