Peraichi Privacy Policy

Peraichi Inc. ("the Company") recognizes that the protection of Personal Information of the Customers (including not only users of "Peraichi", but also customers of such users; the same shall apply hereinafter) is very important, and shall acquire and shall make effort to handle properly and protect Personal Information as defined by the Act on the Protection of Personal Information of Japan (the "Personal Information Protection Act") in accordance with the following privacy policy (the "Policy").

1 Acquisition of Personal Information

The Company acquires the Customers’ Personal Information (meaning Personal Information as defined in Article 2, Paragraph 1 of the Personal Information Protection Act; the same shall apply hereinafter). through services operated and provided by the Company (the "Company's Services") by proper means. If the Customers do not agree to the acquisition and handling of the Customers’ Personal Information in accordance with the Policy, the Customers shall not use the Company’s Services.
The Customers who use the Company’s Services shall be deemed to have agreed to the Policy.

2 Utilization Purpose of Personal Information

  1. The Personal Information that the Company acquires, collects, and uses includes the following information;
      • The Customers’name, address, store name, store location, telephone number, e-mail address, and other information that can identify a specific individual;
      • Member information such as member ID, Facebook ID, bank account information, credit card number;
      • Unique information such as cell phone terminals used for the Company’s Services (including individual identification information such as unique terminal ID);
      • IP addresses automatically generated and stored when using the Company’s Services, the date and time of the Customers’ requests, and operation history information;
      • Location information sent from cell phone terminals, etc;
      • Transaction information related to payment processing (including, but not limited to, contract information with the Company, product information, order history information, transaction history information, payment history information, and billing information and payment information provided to payment companies);
      • Membership information such as member ID for RAKSUL’S services provided by the RAKSUL group, through the joint use of Personal Information with the RAKSUL group; and
      • Information regarding personal attributes that is integrated with personal information.
  1. The Company uses the Customers' Personal Information for the following purposes;
      • Operation, provision and customer management of the Company’s Services (including customer management of Peraichi users);
      • Information of the Customers about the Company’s Services;
      • Response to inquiries etc. regarding the Company’s Services;
      • Responce to acts that violate the terms of Use, guidelines, etc. set forth by the Company regarding the Company’s Services;
      • Improvement and analysis of the Company’s Services, or development, etc. of new services;
      • Notification to the Customers regarding the Company’s Services and the products and services of the Company’s affiliates;
      • Applications, etc. for external services related to the Company’s Services;
      • Sending of prizes for campaigns, etc. related to the Company’s Services;
      • Identification of the Customers;
      • Provision of affiliated services (including services provided by the RAKSUL group), provision of the Company’s Services in cooperation with the Company’s affiliated services, display of advertising information, etc. that matches the needs and interests of the Customers, and analysis of advertising effectiveness;
      • Creation of statistical data and provision of such data to third parties;
      • Utilization incidental purpose to the above purposes;
      • Carrying out other purposes that the Company deems necessary within the scope of common sense;
      • Distribution of behavioral targeting advertisements using advertising distributors-such as Google and Yahoo!; and
      • Analysis of attribute information, behavioral history, etc. acquired by the Company in order to understand the interests and preferences, etc. of the Customers.

3 Disclaimer Regarding Disclosure of Personal Information

The Company does not disclose Personal Information to third parties without the consent of the customer, except in cases prescribed in the Policy or permitted by the Personal Information Protection Act or other laws and regulations; provided, however, that the Policy may disclose in the following cases;
  • In cases where the Company deems that the information is used within the scope of the Personal Information Protection Act and other laws and regulations;
  • In cases where the disclosure of Personal Information is deemed necessary to cooperate in regard to a central government organization or a local government, or a person entrusted by a central government organization or a local government, or a person performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining a principal's consent would interfere with the performance of the said affairs; and
  • In cases where there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain a principal's consent.

4 Change of Personal Information

Personal information registered at the time of the Company’s membership registration can be changed on the my page of the Company’s Service.

5 Management of Personal Information

The Company takes necessary and appropriate measures to manage access to Personal Information, restrict the means of transporting Personal Information, prevent unauthorized external access, prevent leakage, loss, or damage of Personal Information, and other safely manage Personal Information. The security control action of personal data is stipulated separately in the "Rules for Handling Personal Information, etc.", the main contents of which are as follows.
(Development of Personal Information Protection Guideline)
  • In order to ensure the proper handling of personal data, the Company has developed the guideline (Personal Information Protection Guidelines) regarding "compliance with relevant laws, regulations, guidelines, etc." and "contact for handling questions and complaints.
(Establishment of Rules for Handling Personal Data)
  • For each stage of acquisition, use, storage, provision, deletion, disposal, etc., the Company has established "Personal Information Handling Regulations" regarding handling methods, responsible person and person in charge, and their duties, etc.
(Organizational Security Control Action)
  • In addition to appointing a person responsible for handling personal data, the Company clarifies the employees who handle personal data and the scope of personal data handled by such employees, and has established a system for reporting to the person responsible for handling personal data in the event that the Company understands a violation of the Personal Information Protection Act or Personal Information Handling Regulations is detected.
  • The Company conducts regular self-inspections of the status of personal data handling, as well as audits by other departments and outside parties.
(Personnel Safety Control Action)
  • The Company provides employees with regular training on points to keep in mind regarding the handling of personal data.
  • The Company stipulates items concerning confidentiality of personal data in the employment regulations.
(Physical Safety Control Action)
  • In areas where personal data is handled, the Company controls the entry and exit of employees, restricts the equipment and other items employees may bring in, and takes measures to prevent unauthorized person from accessing personal data.
  • The Company takes measures to prevent theft or loss of equipment, electronic media, and documents that handle personal data, as well as to prevent personal data from being easily discovered when such equipment, electronic media, etc. are transported, including within the business site.
(Technical Safety Control Action)
  • The Company implements access control to limit the scope of persons in charge and the Personal Information databases, etc. handled.
  • A mechanism is in place to protect information systems handling personal data from unauthorized external access or unauthorized software.
(Understanding the external environment: Entrusting the handling of Personal Information in foreign countries)
  • Please refer to section 6 below.

6 Entruting the Handling of Personal Data in Foreign Countries

The Company entrusts a part of the development of the Company’s Services to Japan Quality Co., Ltd. and Rikkeisoft Co. (hereinafter referred to as the "Vietnamese contractors"), companies located in the Socialist Republic of Vietnam, and the Company allows the Vietnamese contractor to access the Customers' Personal Information on the Company’s Servers only to the extent necessary for part of the development.
The measures taken by the Company in entrusting the handling of Personal Information to the Vietnamese contractors are as follows
(1) Method of Providing Personal Information to Vietnamese contractors
  • The Company provides Personal Information to the Vietnamese contractors after concluding, an entrustment agreement with the Vietnamese contractors.
(2) Measures taken by the Vietnamese contractors
  • The entrustment contract stipulates that the Vietnamese contractors shall handle personal data within the scope of the specified purpose of use, shall take necessary and appropriate security control action, shall exercise necessary and appropriate supervision over the Vietnamese contractor’s employees, shall not re-entrustment, and shall not provide provision of personal data to third parties.
(3) System for the Protection of Personal Data in the Socialist Republic of Vietnam
  • Please refer to the "System for the Protection of Personal Information in the Socialist Republic of Viet Nam" described below.
(4) Cessation of Provision of Personal Data
  • In cases where a Vietnamese contractor is handling Personal Information in violation of the entrustment agreement, including the measures described in (2) above, and even if the Company requests the contractor to promptly correct such handling in accordance with the entrustment agreement and such handling is not corrected within a reasonable period of time and the Company deems difficult to ensure the continuous implementation of appropriate measures, the Company will stop providing Personal Information to the Vietnamese contractors.
  • The Company will cease to provide Personal Information to the Vietnamese contractors if the Company confirms that any amendment has been made to the system for the protection of Personal Information in the Socialist Republic of Vietnam that is in conflict with the above (3).

7 Response to Requests for Disclosure, Correction, Utilization Cease, etc. of Personal Information

In cases where the Company receives a request from a customer for notification of utilization purpose, disclosure, correction, addition, deletion, or utilization cease of Personal Information, the Company will respond to the customer in accordance with the provisions of the Personal Information Protection Act after confirming the customer's identity; provided, however, that the Company is not obligated to disclose the Personal Information. Any communication and transportation costs incurred in making such an application, as well as any costs associated with the documents and other materials to be prepared at the time of identity verification, shall be borne by the customer.

8 Cookies and other technologies

(1) The Company’s Services may use cookies and similar technologies to improve the service level. These technologies are used for the purpose of understanding the usage of the Company’s Services, enhancing navigation, and improving the Company’s Services to the Customers. Cookies can be disabled in the Customers’ web browser settings. However, disabling cookies may prevent some of the Company’s Services from being used properly. Please understand this beforehand.
(2) The Company uses Google Analytics to monitor the usage of the Company’s website. Please refer to the following URL for details on Google Analytics, including data collection and processing methods.
https://www.google.com/intl/ja/policies/privacy/partners/
https://www.google.com/analytics/policies/
https://support.google.com/analytics/answer/2700409?hl=ja&topic=2611283
(3) The Company uses Stripe for payment, analytics and other purposes of the Company’s Services. Stripe collects identifying information about devices that connect to its services. Stripe uses that information to operate and improve its services, including its abuse detection services. For more information about Stripe and its privacy policy, please visit https://stripe.com/privacy

9 Joint Utilization

The Company utilizes the Personal Information of the Customers jointly by the RAKSUL group with the RAKSUL group. Please refer to the following page for information on the joint utilization of Personal Information by the RAKSUL group.
RAKSUL INC. Personal Information Protection Policy
Joint Utilization of Personal Information within the RAKSUL group
https://corp.raksul.com/privacy-policy/

10 Amendment to the Policy

The Company may change the contents of the Policy based on the Customers opinions and the Company’s reasonable judgment. Any amendment will be notified to the Customers by posting on the Company’s Service website, the Company’s corporate website, or by e-mail.

11 Contact

If the Customers have any questions regarding the Policy, please contact us at the following address
Daiichi Akatsuki Building 9F, 1-19-9 Dogenzaka, Shibuya-ku, Tokyo-to, 150-0043 Japan
Peraichi Inc.
Representative Director: Yasui Kazuhiro
Attn: Yasui Kazuhiro
E-mail: hello@peraichi.com
  • Established April 21, 2015
  • Revised February 20, 2009
  • Revised November 16, 2020
  • Revised August 26, 2021
  • Revised October 1, 2021
  • Revised March 24, 2022
 

【System for Protection of Personal Information in the Socialist Republic of Viet Nam】

Whether or Not there is a System for the protection of Personal Information

There is no comprehensive law and regulation.
The following laws and regulations are representative of those applicable to individual field.
Law on Cyber-information Security No. 86/2015/QH13(the "Law on Cyber-information Security")
  • URL: https://thuvienphapluat.vn/van-ban/Cong-nghe-thong-tin/Luat-an-toan-thong-tin-mang-2015-298365.aspx
  • Implementation Status: July 1, 2016
  • Target Organization: Individuals and organizations directly engaged or involved in cyber information security in Vietnam
  • Target Information: Information in connection with the identification of a specific individual
Law on Information Technology No. 67/2006/QH11 (the "Information Technology Law")
  • URL: https://thuvienphapluat.vn/van-ban/Cong-nghe-thong-tin/Luat-cong-nghe-thong-tin-2006-67-2006-QH11-12987.aspx
  • Implementation Status: July 1, 2007
  • Target Organization: Individuals and organizations engaged in the use and development of information technology in Vietnam
  • Target information: Information in connection with the identification of specific individuals, including name, age, address, ID number, telephone number, E-mail Address, and other information specified by the Information Technology Law.
※In February 2021, the government of the Socialist Republic of Viet Nam published a draft cabinet order on personal information protection, a comprehensive law, for public comment.

Information that may as an Indicator of Systems for the Protection of Personal Information.

An adequacy decision by the EU: None ※1
The APEC CBPR System: None ※2
※1 Countries or regions that have obtained an adequacy decision by the EU are designated by Personal Information Protection Commission, Government of Japan as foreign countries, etc. with systems for the protection of personal information that is deemed to be at the same level of protection as Japan. Based on the GDPR, which is the system for the protection of personal information in the EU (EU member states and Iceland, Norway, and Liechtenstein, which are part of the European Economic Area), or its predecessor, the Data Protection Directive, the European Commission has decided that the country or region is deemed to have an adequate level of data protection, so that it can expect roughly the same level of personal information protection as Japan. For this reason, the fact that a country or region has obtained an adequacy decision by the EU falls under “information that may as an indicator of a system for the protection of personal information”.
※2 As a precondition for participation in the APEC CBPR system, it is stipulated that economies participating in the APEC CBPR system have laws and regulations that comply with the APEC Privacy Framework, and the administrative bodies have the authority to investigate and rectify complaints and problems that cannot be resolved businesses and accountability agents that CBPR certified. Therefore, economies participating in the APEC CBPR system, like Japan, are considered to have laws and regulations compliant with the APEC Privacy Framework and administrative bodies that enforce such laws and regulations and can be expected to protect personal information generally equivalent to that of Japan. For this reason, the fact that economies participating in APEC's CBPR system constitute "information that may as an indicator of a system for the protection of personal information”. Note that the APEC CBPR system covers the private sector.

Obligations of Business Operator, etc., or Rights of the Individuals Corresponding to OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data’s BASIC PRINCIPLES OF NATIONAL APPLICATION

Obligations of business operator, etc., or rights of the individuals corresponding to OECD guidelines on the protection of privacy and transborder flows of personal data’s basic principles of national application are as follows
① Collection Limitation Principle
Partially stipulated in the Cyber Information Security Law, Information Technology Law, etc.
② Data Quality Principle
Partially stipulated in Law on Cyber-information Security, Information Technology Law, etc.
③ Purpose Specification Principle
Partially stipulated in Law on Cyber-information Security, Information Technology Law, etc.
④ Use Limitation Principle
Partially stipulated in Law on Cyber-information Security, Information Technology Law, etc.
⑤ Security Safeguards Principle
Partially stipulated in Law on Cyber-information Security, Information Technology Law, etc.
⑥ Openness Principle
Partially stipulated in Law on Cyber-information Security, Information Technology Law, etc.
⑦ Individual Participation Principle
Partially stipulated in Law on Cyber-information Security, Information Technology Law, etc.
⑧ Accountability Principle
No applicable provisions are found.
 
※3 OECD guidelines on the protection of privacy and transborder flows of personal data’s basic principles as the basic principles referenced by OECD member countries as well as internationally in their efforts to protect personal information, and are used as the de facto global standard when countries develop their personal information protection systems.

Other Systems that may have a Material Effect on the Rights and Interests of the Individual

Systems in connection with the obligation to maintain personal information within the region, which may have a material effect on the rights and interests of the individual.
Systems that impose on business operators the obligation to cooperate with government’s information collection activities, which may have a material effect on the rights and interests of the individual.
①Law on National Security No. 32/2004/QH11(the “Law on National Security”)
  • The People's Police, People's Army, Border Guard, and Maritime Guard may request information from individuals or organizations if they have reason to believe that such individuals or organizations are involved in activities that threaten national security.
  • Regarding access to personal information held by business operators under the Law on National Security, for example, there are no provisions with respect to
  • Restrictions and procedures in connection with the implementation of access
  • Access to the extent necessary to achieve the purposes specified in the regulation (or legitimate purposes not in conflict with such purposes)
  • Approval from an independent organization for the implementation of access
  • Restrictions and safeguards on the handling of acquired information
  • Ensuring transparency regarding the implementation of access
  • The structure of supervision, investigation, and review to ensure compliance with laws and regulations regarding the implementation of access
② Law on Cyber-information Security
  1. The Ministry of Public Security, the Ministry of National Defense, the Ministry of Information and Communications, the Government Cipher Committee, relevant government agencies and the People's Committee shall establish a system for the protection of telecommunications services, Internet-based services or additional services in Vietnam's cyberspace for the purpose of preventing and cracking down on cybercrimes or the use of cyber environment for the purpose of threatening national sovereignty, interests, security or public order, etc. The People's Committee may require domestic and foreign operators providing telecommunication services, Internet services, or value-added services in Vietnam's cyberspace to provide information on users for the purpose of, among other things, preventing and controlling cybercrime.
  1. Regarding access to personal information held by operators under the Act, for example, there are no provisions regarding
  • Restrictions and procedures regarding the implementation of access
  • Access to the extent necessary to achieve the purposes specified in the law (or legitimate purposes not in conflict with such purposes)
  • Implementation of access to the extent necessary to achieve the purposes specified in the law (or legitimate purposes not inconsistent with such purposes)
  • Approval from an independent organ regarding the implementation of access
  • Ensuring transparency regarding the implementation of access
  • The structure supervision, investigation, and review of access practices to ensure compliance with laws and regulations
③Law on Inspection No. 56/2010/QH12
  1. The government auditing agency, the auditing agency of the local administrative region, and the agency delegated to conduct the audit shall the government auditing agency, the auditing agency of a local administrative district, or the agency delegated to conduct the audit may request the individual or organization subject to the audit to provide information on the matters to be audited for the purpose of detecting illegal acts, etc.
  1. Regarding access to personal information held by operators under the Act, for example, there are no provisions regarding
  • Restrictions on the implementation of access
  • Limitations on access to the extent necessary to achieve the purposes specified in the law (or legitimate purposes not in conflict with such purposes).
  • Implementation of access to the extent necessary to achieve the purposes specified in the law (or legitimate purposes not inconsistent with such purposes)
  • Approval from an independent organ regarding the implementation of access
  • Ensuring transparency regarding the implementation of access
  • The structure supervision, investigation, and review to ensure legal compliance with access practices