プライバシーポリシー

Chapter 1. General Provision

In operating this site and providing this service, Outabox Inc. shall respect the privacy of customer and fully give consideration to, carefully protect and adequately manage personal information.

The administrator shall formulate compliance program, which includes, not but limited to, this privacy policy, stipulation of personal information protection and other stipulations and terms and conditions, in order to implement this policy, and shall ensure that all supervisors, employees and other concerned personnel are aware of this program for implementation and compliance, and shall continually improve this program.

If any customer supplies the administrator with personal information, the customer shall agree to terms and condition of this service and this provision beforehand.

Section 1. About this provision

1. Definition of term

For the purpose of this provision, the following definitions shall apply.

• Administrator:Administrator means the person who manages this site, provides this service and processes personal information collected in accordance with this provision, i.e., Outabox Inc.
• Customer Customer means those who use this site and service and legal person and other groups or individual who supplies its own personal information.
• EU user EU user means the customer (legal person, other groups or individual) subject to GDPR.
• This provision “This provision” means this privacy policy established by the administrator.
• This site “This site” means the website managed by the administrator.
• This service “This service” means a range of services provided through this site.
• Link site “Link site” means the third-party website and the like linked from this site.
• Personal information “Personal information” means the information of customer collected by administrator in accordance with this provision, including, but not limited to, name and mail address. The information which does not apply to the scope of personal information but can be easily collated it with other information and thus identified with a certain individual shall be included. For the legal person or any other groups, the information and the like of board members, employees and other constituent members shall apply.
• Personal information “Personal information” means the information of customer collected by administrator in accordance with this provision, including, but not limited to, name and mail address. The information which does not apply to the scope of personal information but can be easily collated it with other information and thus identified with a certain individual shall be included. For the legal person or any other groups, the information and the like of board members, employees and other constituent members shall apply.
• EEA EEA means European Economic Area.
• GDPR GDPR means General Data Protection Regulation.
• Supervisory authority “Supervisory authority” means the public organization which supervises the application of General Data Protection Regulation.

Article 2. (Application of provision)

• 1. This provision shall apply to this site and service, except in the case that there is any other specific privacy policy for the site and service managed by the administrator.
• 2. If there is terms and conditions of this service, special provisions, any other individual provisions and the like (hereinafter referred as “individual provision”), except this provision, then such individual provision shall form a part of this provision, and any customer shall agree to this provision and such individual provision.
• 3. The administrator shall not bear any responsibility for the privacy protection conducted by link sites, including the method of personal information management, and their content.

Article 3. (Preference of application)

• 1. In the event of any inconsistency among this provision, individual provision and GDPR, individual provision shall prevail.
• 2. This provision has Japanese version and foreign language version. In the event of any inconsistency between Japanese version and foreign language version, Japanese version shall prevail.

Article 4. (Governing law)

This provision shall be, in principle, construed in accordance with and governed by Japanese law.

Article 5. (Amendment of provision)

The administrator may amend this provision without prior consent by customer if the administrator determines that it is necessary to amend it. In the case of amendment, the administrator is required to post customer to that effect on this site and clearly specify the date when such amendment becomes effective. However, if there is any content which requires the consent by customer for the amendment under the laws and regulations, the administrator shall obtain the consent by customer in the way specified by the administrator.

Section 2. Management of personal information

Article 6. (Collection of personal information)

1. The administrator is required to collect personal information in an adequate and righteous way.

2. The administrator will not, in principle, collect sensitive personal information. This shall not apply, however, where the administrator determines that it is necessary to collect it under the circumstances of execution of service and business. The sensitive personal information to be collected shall be within a necessary range for execution of this service and business.

3. The administrator may not provide customer with a part of or full of this service if personal information of such customer collected by the administrator is insufficient or the information entered by such customer lacks accuracy.

4. If the administrator acquires personal information of customer not directly from the customer, the administrator shall inform such customer of whom the information had been supplied.

7.（収集する個人情報）

本規約に基づき管理者が収集する個人情報は下記の通りです。 氏名、メールアドレス、クレジットカード情報、携帯電話・スマートフォン等の端末固有ID、ログ情報、オンライン識別子（IPアドレス、クッキー）、匿名ID、その他、管理者が定める入力フォームにお客様が入力する情報又は、お客様が管理者に通知した情報（問い合わせ、質問内容等）

2.SNS等の外部サービスから提供される下記の情報 (1)当該外部サービスでお客様が利用するID等 (2)その他、当該外部サービスのプライバシー設定等によりお客様が連携先に開示を求めた情報

Article 7. (Personal information we collect)

1. The personal information to be collected by the administrator in accordance with this provision shall be as follows; Name, Mail address, Credit card information, Unique device identifier of mobile phone, smartphone and the like, Log information, Online identifier (IP address, cookie), Anonymous ID, Any other information customer had entered into the form specified by the administrator or the one customer had supplied to the administrator such as content of inquiry and question

2. The information supplied by SNS and any other third-party services such as; (1) ID and other information customer uses in such third-party service (2) Any other information customer had requested the connected site of such third-party service to disclose by privacy setting or other settings of such service.

Article 8. (Personal information of customer who is under the age of 16)

1. The administrator will not directly collect personal information from any individual who is under the age of 16. For the management of personal information with regard to the direct supplement of information social service to any child who is under the age of 16, the administrator shall obtain consent or permission from a person who bears responsibility of custody for the child.

2. If the personal information which had been acquired without the consent or permission by a person who bears responsibility of custody is found, the administrator is required to delete such personal information without delay.

Article 9. (Management of personal information)

1. The administrator shall retain the accuracy of personal information and safely manage it.

2. The administrator shall take adequate information security measures against any threats such as illegal access and computer virus in order to prevent the loss, corruption, falsification and divulgation of personal information.

3. The administrator must not take out personal information or send it to any third party to divulge it.

4. In the event of infringement of personal information (divulgation), the administrator must inform supervisory authority to that effect within 72 hours from its occurrence. The notification thereof to customer shall be done without delay. This shall not apply, however, if there is little possibility that such infringement will causes the risk against the rights or freedoms of customer. Also, if there are special circumstances which hinder the completion of the said notification within 72 hours, the administrator shall give the customer the notice with the reason of retardation.

Article 10. (Use of personal information)

1. On the basis of stipulations in this provision, the administrator shall use the collected personal information to execute this service and business within the range of this provision or purpose of use presented at the time of collection.

2. The customer shall agree that, for the purpose of improving this service, the administrator may use personal information for the request of opinion, popularity, and information supplement, and the activities of advertisement and promotion.

Article 11. (Purpose of use)

Purpose of use of personal information and the information we use shall be as follows:

Purpose of use:To provide this service, including the identification and reference of usage situation of this service by the administrator

Information we use:Mail address, Credit card information, Unique device identifier of mobile phone, smartphone and the like, Log information, Online identifier (IP address, cookie), Anonymous ID

Purpose of use:To respond to the inquiry from customer

Information we use:Name, Mail address, Content of inquiry, Any other information customer had supplied to the administrator

Purpose of use:To send direct mail to customer

Information we use:Mail address

Purpose of use:To collect and store log in order to manage personal information. The administrator shall determine the reasonable period as retention period of such information.

Information we use:Unique device identifier of mobile phone, smartphone and the like, Log information, Online identifier (IP address, cookie), Anonymous ID

Purpose of use:To send mail magazine to customer

Information we use:Name, Mail address

Purpose of use:To post the content of inquiry from customer on this site (supplied information shall be processed in order to prevent identification) 。

Information we use:Name, Mail address, Content of inquiry, Any other information customer entered into the form specified by the administrator or the one customer had supplied to the administrator, such as content of inquiry or question

Purpose of use:To send regularly-issued materials such as invoice and receipt to customer

Information we use:Name, Mail address

Purpose of use:To send or distribute information to, under the direction of customer, other services including the services provided by its partner, so that customer can use this service more easily

Information we use:Name, Information customer had supplied to the administrator

Purpose of use:Through the type of usage, name and domicile, to identify a certain individual of customer who had violated this provision by inflicting damage to the third party or had had illicit or unrighteous purpose of use, and then request such customer to cease to use this site and service

Information we use:Mail address, Credit card information, Unique device identifier of mobile phone, smartphone and the like, Log information, Online identifier (IP address, cookie), Anonymous ID

Purpose of use:To render the notification and other works pertaining to the above, such as notification of provision amendment, reception of new agreement and notification of suspension or cessation of this service.

Information we use:Name, Information customer had provided to the administrator

Article 12 (Outsource of personal information management)

The customer shall agree that the administrator may outsource the management of personal information to the third-party in order to achieve the purpose of this service. In the event of outsourcing, the administrator must rigorously conduct the survey over the said third party and then adequately supervise it to get across the protection of privacy.

Article 13. (Retention period of personal information)

1. The administrator shall retain personal information of customer as long as the customer uses this service.

2. With regard to regulations in the region where the administrator operates the business or other requirements, the administrator shall retain transaction information, usage information of this service and other relevant information for the maximum of seven years (hereinafter referred as “information retention period). After the elapse of such information retention period, the administrator must delete or de-identify such personal information pursuant to laws and regulations.

3. The customer may request the administrator to delete the account of this service (personal information) of its own. The administrator shall, by its request and at the discretion of administrator, limit the use of, delete or de-identify such personal information.

Article 14. (Supplement of information to the third-party)

1. The administrator must not disclose, supply or deliver personal information to any third party without prior consent from customer, except in the cases set forth below.

2. In the event of any of the following cases, the administrator may supply to the third party, without obtaining the consent from customer, bare minimum personal information in excess of the extent of purpose of use. (1) When the supplement is made pursuant to laws and regulations of each country. (2) When the cooperation is requested for the duties pursuant to laws and regulations executed by the authority of each country, local government or their assignee, and the reception of consent from customer may cause the risk to obstruct the execution of operation conducted by the administrator. (3) When the supplement is necessary for the protection of the life, body or property of a person, and it is difficult to obtain the consent of the customer. (4) When the supplement is in particular necessary to improve public health or promote sound development for children’s life, and it is difficult to obtain the consent of the customer.

3. In the case of supplement of personal information stipulated in the previous two clauses, if there is no righteous legal ground on the demand and the like from the authority of each country or other authorities, or such demand is deemed unclear, inadequate or excessively broad, then the administrator shall file an appeal with such demand and/or decline it.

Article 15. (Shared use)

The administrator must not make the shared use of personal information.

Rights of customer

Article 16. (Overview)

1. Any EU user shall be subject to GDPR for the management and of personal information of EU user and have the rights specified in this chapter for the handling thereof. Any EU user shall, in accordance with GDPR, confirm the rights of EU user with regard to the ground on the management of personal information and the handling thereof.

2. “EU user” in this chapter shall be equivalent to “customer” and be applied accordingly.

Article 17. (Customer outside EEA)

Any customer outside EEA may submit such request as, but not limited to, explanation, modification and deletion with regard to its own personal information.

Article 18. (Ground of information management)

1. The administrator shall, in accordance with one or more ground(s) stipulated in GDPR, which are also listed in the below table, manage, retain and use personal information of EU user. However, the administrator must obtain the consent from the customer prior to such management.

2. For the purpose of this management, the following grounds shall apply. Purpose of use of personal information and the information we use shall be referred to Article 11 (Purpose of use).

Ground:To provide the services and features EU user demands.

Detail:The administrator is required to collect and use specific information to provide the services.

Ground:To protect significant interests of EU user or the third party

Detail:The administrator is required to manage personal information, including the disclosure of information to law enforcement agencies, in the event that the security of EU user or the third party becomes jeopardized.

Ground:To protect legitimate interests of the third party

Detail:The administrator may collect and use personal information to the extent necessary for protecting the interests of public or the third party.

Ground:To protect legitimate interests of administrator

Detail:The administrator may collect and use personal information to the extent necessary for protecting the legitimate interests of administrator.

Ground:In order for the administrator to fulfill its lawful obligations

Detail:The administrator is required to retain such information for a long period and, if government authority or other authorities requests the administrator to disclose personal information, deliver the copy of such information to the said authorities.

Article 19 (Consent to the use of personal information)

The administrator shall collect and use personal information of customer by its consent. This consent may be revoked at any time. However, in the case of revocation of consent, the customer shall accept in advance that the services and features provided by the administrator will be made unavailable.

Article 20 (Disclosure of personal information)

1. When a customer requests the disclosure of its own personal information, the administrator shall confirm whether such request had been submitted by the customer in question and then disclose such information without delay to the said customer. If such information does not exist, the administrator shall inform the said customer to that effect. These shall not apply, however, if the administrator has no obligation of disclosure in accordance with Private Information Protection Law or other laws and regulations.

2. When a customer personally requests the disclosure of personal information, the administrator shall disclose it to the said customer. However, in the event of any of following cases resulting from the disclosure, the administrator may determine to withhold the disclosure of a part or full of such information. In this case, the administrator shall inform the said customer to that effect. In addition, any customer shall pay a fee of JPY 1,000 for one disclosure of personal information. (1) When there is a risk of harm to the life, body, property or other rights or interests of the customer or any third party. (2) When there is a risk of significant hindrance for adequate operation of business by the administrator. (3) When there is any breach of laws and regulations.

3. Notwithstanding the stipulation of the preceding clause, in principle, the information such as history information and characteristic information must not be disclosed.

Article 21. (Explanation and copy of personal information)

1. Any customer has the right to request the explanation with regard to the retention, usage and other managements of personal information by the administrator.

2. If the administrator has collected personal information by consent of customer or for the necessity of providing the service(s) requested by customer, the customer has the right to receive a copy of information of the said customer collected by the administrator.

Article 22. (Correction of personal information and its cessation of use)

If a customer requests to correct the content of personal information due to the reason that such information is not correct, or to cease the use thereof due to the reasons that such information was used for the purposes in excess of the originally announced range or was collected in fraudulent or other improper ways, then the administrator shall confirm that the said request had been submitted by the customer in question and then conduct the necessary survey without delay. In accordance with the result of the said survey, the administrator shall correct the content of such information or cease the use thereof and then inform the customer in question to that effect. However, in cases where the cessation of usage of such personal information would require large fees or is otherwise difficult, and there is any alternative measure necessary to protect the right and rights of the customer in question, then the administrator shall take such measure. Meanwhile, if the decision had been made not to correct or cease to use such information due to the rational reasons, the administrator shall inform the customer in question to that effect.

Article 23. (Deletion of personal information)

1. If a customer requests the deletion of personal information and the administrator recognizes the necessity to accept the request, the administrator shall confirm that the said request had been submitted by the customer in question, delete such personal information, and inform the customer to that effect.

2. The preceding clause shall not apply when GDPR, Private Information Protection Law or other laws and regulations does not oblige the administrator to correct or cease to use personal information.

3. The customer in question shall accept that, as a result of such deletion, a part or full of this service provided by the administrator may be made unavailable.

Article 24. (Inquiry or claim for the management of personal information)/h3>

1. Any customer has the right to make a complaint against the management of personal information by the administrator. The management includes the processing for the purpose of marketing resulting from the profiled or automated decision making. However, notwithstanding the submission of complaint, the administrator may manage such personal information within the range of GDPR, Private Information Protection Law or other laws and regulations.

2. Inquiry or complaint with regard to personal information shall be notified to the person in charge in the way specified in “Contact” set forth below.

Chapter 3. Others

Article 25. (Connection with the third-party services)

This site may have the connection with such third-party services as, not but limited to, Twitter and Facebook (hereinafter referred as “SNS”). Any customer shall agree that the information the customer has entered may be displayed on and/or spread to such SNS.

Article 26. (Cookie)

This site uses cookie for the purpose of facilitating the use of customer at the time of making another visit to this site. The use of cookie will not infringe the privacy of customer. However, any customer may have the choice to allow cookie to be used through the setting of browser. If the use of cookie is disallowed, the customer shall accept that a part or full of this service and this site may be made unavailable.

Article 27. (Web beacon)

This site may use web beacon, the technology which enables to acquire the statistical information including, not but limited to, access status of each page. The use of web beacon will not identify a certain individual.

Article 28. (Protection of personal information)

This site installs Secure Socket Layer (SSL) to the pages where personal information is to be entered for the purpose of protecting personal information of customer. SSL is a communication protocol which enables the information to be encrypted and then sent and received on the internet.

Personal information entered by the customer is automatically encrypted at the time of transmission of such personal information. The use of secured web browser makes such personal information entered as name and mail address automatically encrypted before the transmission and reception. Even in the event that any third party intercepts the transmit data, there is no risk of scanning or falsification of its content. In addition, in the case of using browser which does not support SSL, the access to this site or the input of information may be denied.

Article 29. (Indemnification)

The administrator shall not be held liable for the any of the following cases and deal with or give the surety for it. (1) When the personal information of customer is displayed on or spread to the connected third-party services such as SNS by intention or negligence of customer. (2) In the above-mentioned case, when any third party makes an inquiry or a compliant, the dispute arises between the customer and the third party, or the customer inflicts a loss to the third party. (3) The accuracy of personal information personally entered by the customer to the form specified by the administrator. The same shall apply when, by request of customer in question, the administrator had corrected the personal information or conducted other adequate measures thereon, and nevertheless such information is incorrect.

Article 30. (Organization and structure)

1. The administrator shall assign a person in charge of personal information protection and implement the management of it in an adequate way.

2. The administrator shall offer to board members and employees the training with regard to the protection of personal information and the adequate management thereof so that such management can be thoroughly conducted in daily business.

Article 31. (Contact)

Inquiry or complaint with regard to personal information shall be notified to the person in charge of personal information management in the way set forth below.

 

Person in charge of personal information management

 

The following contact form shall be used;

Contact us（https://gallerist.jp/contact）