POLICY
Efforts to protect personal information
Quemix Inc. (hereinafter referred to as the "Company") collects information including personal information (hereinafter referred to as "User Information") regarding users of the services provided by the Company (hereinafter referred to as "Users"). Regarding the handling of personal information, we comply with the Act on the Protection of Personal Information, Guidelines on the Protection of Personal Information, and other related laws and regulations regarding the protection of personal information, and have established the following privacy policy (hereinafter referred to as "this policy").
1.Initiative policy
Our company recognizes the importance of protecting personal information and considers it our social responsibility to strive to protect personal information.We have established the following policy and all employees will work to protect personal information.
2.Appropriate acquisition
Our company will acquire customer's personal information by appropriate and lawful means to the extent necessary for business purposes.
3.Purpose of use
We will specify the following purposes for using your personal information, and will only handle it within the scope necessary to achieve the purpose of use, and will not use it beyond that scope. Please note that the purpose of use of specific personal information, such as specific personal information stipulated in the "Act on the Use of Numbers to Identify Specific Individuals in Administrative Procedures" (hereinafter referred to as the "Numbers Act"), is based on laws and regulations. If the information is limited, it will not be used for any purpose other than that purpose.
-
For personal authentication when registering for services and using services, and for customer management.
-
To request compensation for products, etc. and services.
-
For business management, credit and risk management, and IR activities
-
Customer support and after-sales services related to products, etc. and services
-
To investigate and analyze marketing data, and consider and implement marketing measures.
-
In our company's or third party's media, we provide and solicit products and services of our company or third parties that are tailored to your interests based on analysis of your attributes and browsing history (emails, flyers, SNS, articles, etc.) (including sending other direct mail), advertising and other marketing.
-
To improve products, etc. and services, and to plan, research and develop new products, etc. and services.
-
For event planning, requests for cooperation in interviews, etc., various campaigns, implementation of surveys, and reporting.
-
To contact you regarding recruitment activities and results
-
To provide information on necessary matters related to joining the company after employment has been decided, and to carry out other necessary procedures.
-
To respond to inquiries and contact customers
-
Provision to third parties in the manner described in this policy
In addition, the Company Group (the Company, its parent company, and its subsidiaries are referred to as the Company Group). Regarding the Company Group at this time, Article 5 of this policy, "Joint Use" (2), "Scope of Parties Who Will Share Use" We will also collect and use your personal information for operations related to each of the above matters.
4.Restrictions on provision to third parties
(1)
As a general rule, we do not provide your personal information to third parties unless we have your consent or are required to do so by law. However, if we entrust the handling of personal information to the extent necessary to achieve the purpose of use, or if we engage in joint use as stipulated in Article 5 of this policy, "Joint Use," we may do so without obtaining your consent. You may provide us with your personal information.
(2)
Our company analyzes information obtained from customers, such as the browsing history of our website, in order to provide our services and distribute advertisements. In addition, we may use information obtained from our website, such as the user's browsing history, by linking it with the customer's personal information that we already have. In this case, we will obtain your consent in advance on our website and use your information within the scope of the intended purpose.
Please note that cookies are a technology that records and manages information about customers who use our website on computers and application software. Cookies are used to provide information on the usage status of other services (including access logs, IP addresses, browser information, browser language settings, etc., but there is no information that can identify your personal information) for your convenience. Therefore, if you refuse the use of cookies or delete cookies, the functionality you can use on our website may be limited.
(3)
In order to understand the status of customers' visits to our website, we use Google Analytics, a service of Google LLC and Google LLC, to collect, record, and analyze visit history. For information on how Google handles data in Google Analytics, please visit the following website.
"Google's use of information collected from sites and apps that use Google services"
(4)
Our company may provide personal information such as customer email addresses to businesses that provide advertising distribution services, such as SNS (social networking service) operators, and such businesses may receive the information provided by our company. The company compares personal information such as the email address of the customer with personal information such as the customer's email address held by the business concerned, and conducts marketing activities according to the results of the comparison (if the two match, the Company's advertisements are sent to the customer). (including distributing).
(5)
Based on the Personal Information Protection Act, our company shall take the measures that a business handling personal information must take, and when providing personal data to a third party in a foreign country, we will continue to implement such measures. We will take the necessary measures to ensure that.
5.Group company joint use
We will jointly use your personal information with our group companies as follows. However, specific personal information stipulated in the Number Act will not be shared.
(1)Information to be shared
-
Information regarding attributes and contact methods (name, workplace, address, title, telephone number, e-mail address, etc.)
-
Transaction information (transaction type, history, amount, balance) and credit information
(2)Scope of joint users
Terrace Sky Co., Ltd. and subsidiaries of Terrace Sky Co., Ltd. whose main offices are in Japan*1 *1 Subsidiary means a company in which the Company owns voting rights or has an investment ratio of more than 50% as of February 28, 2024.
Please refer to the link below for the range of applicable group companies.
▶Company Profile(Japanese)
(3)Name of the person responsible for managing personal information related to joint use by group companies
Terrace Sky Co., Ltd. Address and representative name
▶Company Profile(Japanese)
6.Safety management measures
Our company strives to store and manage customer's personal information in an accurate and up-to-date state, and takes the following reasonable security control measures to prevent leakage of customer's personal information and other safety management.
(1)
We have formulated this policy to ensure the proper handling of personal information.
(2)
For each stage of acquisition, use, storage, provision, deletion/disposal, etc., we will formulate and comply with various rules and procedures regarding how to handle personal information, persons in charge and their duties, etc.
(3)
We will appoint a person responsible for the handling of personal information, supervise employees who handle personal information, clarify the scope of handling by such employees, and identify facts or signs of violations of laws, regulations, this policy, and our company's regulations. We have established a system for reporting to the person in charge in the event of an incident. Additionally, we regularly conduct internal inspections and audits regarding the handling of personal information based on information security management (ISO/IEC27001).
(4)
Our work regulations stipulate matters regarding the confidentiality of personal information. We also provide regular training to our employees based on information security management (ISO/IEC27001).
(5)
In addition to restricting employee entry and exit within our business facilities, we have also implemented physical measures to prevent unauthorized persons from viewing personal information. Additionally, we take measures to prevent the theft or loss of equipment, electronic media, documents, etc. that handle personal information, and we also take measures to prevent personal information from being easily discovered, including when moving within the office.
(6)
We implement access control and limit the scope of handling of personnel and personal information through technical measures. Additionally, we have introduced a mechanism to protect information systems that handle personal information from unauthorized access from outside or unauthorized software.
(7)
We appropriately supervise subcontractors that handle customers' personal information. In addition, when handling customer personal information in a foreign country, we will collect and understand information regarding the personal information protection system of the foreign country and implement safety management measures.
7.Continuous improvement
Our company will review this policy from time to time in light of developments in information technology and changes in social demands, and will conduct inspections and audits on the handling of customers' personal information, striving for continuous improvement.
8.Procedures for requesting disclosure, etc.
We strive to respond appropriately and promptly to requests from our customers for notifications regarding the purposes of use of retained personal data, disclosure of the contents of retained personal data and third-party provision records as stipulated by law, as well as requests for correction, addition, deletion, suspension of use, erasure, or suspension of third-party provision in cases where the retained personal data is found to be inaccurate.
(1)Contents of your request
-
Request for notification of purpose of use of retained personal data
-
Request for disclosure of retained personal data, etc.
-
Request for correction, addition, or deletion of retained personal data
-
Request for suspension of use and deletion of retained personal data
-
Suspension of provision of retained personal data to third parties (hereinafter, notification of purpose of use, disclosure, correction/addition/deletion, suspension of use/deletion, and suspension of provision to third parties are collectively referred to as "disclosure, etc.")
-
Disclosure of records of third party provision of retained personal data. However, our company may not disclose personal information if any of the following apply.
➀If disclosure may harm the life, body, property, or other rights and interests of the customer or a third party
➁When disclosure is likely to significantly impede the proper implementation of our business activities
③ When disclosing it would violate laws and regulations, etc.
④If we cannot confirm that the request for disclosure is from the customer
(2)Items of retained personal data that are subject to requests for disclosure, etc.
-
Name, address, telephone number, workplace (workplace name or occupation, telephone number)
-
Objective facts such as transaction contract date, contract type, contract amount, number of payments, credit balance, monthly payment status, etc. (including computer processing and filed information)
(3)Documents, etc. to be submitted when requesting disclosure, etc.
If you would like to make a request for disclosure, etc., please download and print the following personal information disclosure, etc. request form, fill in all the required information, attach a seal registration certificate dated within 3 months from the date of issue, and submit your registered seal. Please mail the request form for personal information disclosure, etc. stamped with , to the address listed in the "Personal Information Customer Consultation Office."
▶Personal information disclosure request form download(Japanese)
When submitting your application, please present one valid document that officially proves your identity, such as a driver's license, passport, health insurance card, national pension handbook, welfare pension handbook, alien registration certificate, etc. If a request for disclosure, etc. is made by a representative, in addition to the above documents, the above documents regarding the representative and documents confirming the authority of representation (in the case of a voluntary representative, a power of attorney and a voluntary representative) Documents that are within the validity period to prove your identity.If you are a legal representative, please present a copy of your family register, adult guardian registration certificate, and documents that are within the validity period to prove the legal representative's own identity.
(4)Fees and payment methods for requests for disclosure of retained personal data, etc.
For each application, you will be charged 1,000 yen (including consumption tax, etc.) in cash.
(5)How we respond to requests for disclosure, etc.
Our company will send a document to the address specified in the request for personal information disclosure, etc. that you submitted, ② send an Excel file to the email address by attaching it to an email, or ③ send it to the address. We will respond by mailing the media containing the Excel file by the method specified by the customer. Please note that even if the request is made by an agent, we will, in principle, respond directly to the person in question.
(6)"Purpose of use" of personal information obtained in connection with requests for disclosure, etc.
Personal information obtained in connection with a request for disclosure, etc. shall be handled only to the extent necessary for the request for disclosure, etc.
9.Changes to privacy policy
We may change this policy from time to time and will post any changes on our website. Customers should carefully check the latest version of this policy posted on the website.
10.Submitting your opinions and requests
We will strive to respond sincerely and promptly to any opinions or requests regarding our handling of personal information.
Personal information customer cunsultation room
Quemix.Inc management department
Taiyo Life Nihonbashi Building 16F 2-11-2 Nihonbashi , Chuo-ku , Tokyo 103-0027
Tel:03-6665-0146
Information security management system
Quemix Co., Ltd. has acquired ISO/IEC27001 certification, an international standard for information security management systems (ISMS), as of August 18, 2023. Nowadays, as companies are increasingly required to globalize their activities, providing services based on the international standard ISO/IEC 27001:2013 is extremely effective in maintaining and improving information security levels. That's what I think. With this certification, a third-party organization has certified that our information management system is appropriate in terms of security.
The certification details are as follows.
BSI Group Japan K.K.
Approving Registration Authority
IS 561777
Certification Registration Number
2023/08/18
Certification Registration Date
ISO27001
Standard
All Departments of Quemix Inc.
Registered Scope of Activities
Certification Details
Security policy
Quemix Inc. would like to continue to provide safe and secure services and continue to be a company trusted by our customers. Therefore, our company recognizes that ensuring the security of information and information systems (hereinafter referred to as information assets) is a management issue related to the existence of the company, has established ISMS regulations, complies with related laws and regulations, and maintains a reliable information security management system. We will strive to maintain this. Our company has established the following basic policy to ensure that all employees recognize the importance of information security and protect information assets.
Building an information security management system
Our company deeply recognizes the importance of information security in the IT information society and strives to build safe, secure, and convenient information communication networks and systems and provide information services.
Conducting risk assessment
Our company conducts systematic risk analysis in order to take appropriate information security measures according to risks. We determine the confidentiality rank of information assets and evaluate threats and vulnerabilities. Additionally, based on the results of the risk assessment, we will formulate countermeasures and continually improve them.
Awareness, education, and training for employees
We will fully educate all employees that protecting information is the basis of our business activities and an important social responsibility as a company, and will comply with this policy and ISMS documents. We will provide appropriate education and training to all employees.
Measures against information security incidents and accidents
Our company prevents information security incidents and accidents from occurring by establishing procedures for preventing information security incidents and accidents and ensuring that employees thoroughly implement them.