GMO GlobalSign HD
Privacy Policy

Privacy Policy

We, GMO GlobalSign Holdings K.K. ("we," "our," or the "Company"; please refer to "Corporate summary") sets this Privacy Policy as follows for the purpose of properly managing and protecting personal information that we handle in the course of business activities, and establishing a system to protect personal information that enables service users who use the services provided by the Company (including services that the Company resells or acts as intermediary for; hereinafter referred to as "Our Services"), business partners, shareholders, investors, and applicants for employment (collectively referred to as "Customers" hereinafter; whether or not a contract has been concluded) to feel secure about the protection of personal information.

  1. Compliance with Laws and Regulations
    With regard to the acquisition, use and all other handling of information on individuals that is regulated by the Act on the Protection of Personal Information (the “APPI”), including personal information (hereinafter referred to as "personal information"), we abide by the APPI, the provisions concerning secrecy of communications set forth in the Telecommunications Business Act and other related laws and regulations, Guidelines for the Personal Information Protection in Telecommunications Business (the "Guidelines"), and this Privacy Policy.
  2. Personal Information Handled by the Company
    The personal information handled by the Company includes the following:
    ■ Personal information directly provided by Customers
    Examples:
    • Personal information such as names, addresses, email addresses, and telephone numbers that Customers provide to the Company when applying for or contracting Our Services, making inquiries about Our Services or requesting materials, or otherwise contacting the Company
    • Personal information such as names, addresses, and identity verification document images that service users provide to the Company by inputting into our system when using Our Services
    • Personal information such as names, addresses, telephone numbers, email addresses, and career histories that applicants for employment provide to the Company when applying
    ■ Personal information indirectly provided by third parties
    Examples:
    • Personal information such as names, telephone numbers, and email addresses of service users that is provided to the Company as recipients of electronic signature request documents in connection with the use of Our Services
    ■ Personal information automatically recorded in connection with the use of Our Services
    Examples:
    • IP addresses
    • Referrers
    • Pages being viewed (URLs and page names)
    • Browser information
    • Internet usage environment
    • Product ID, product name, manufacturer ID, manufacturer name
    • Purchase history
    • Credit card usage status
    ■ Personal information obtained from publicly available media such as the Internet
    Examples:
    • Names, telephone numbers, email addresses, etc. listed in Whois information
  3. Identification and Announcement of Purpose of Use
    The purposes of use of personal information acquired by the Company differ for each type of Customer and are as follows respectively.
    Unless otherwise provided for in laws and regulations or the Guidelines, we do not handle personal information beyond the scope necessary for the achievement of these purposes of use.
    1. Service Users
      We use personal information of service users for the following purposes:
      • To provide and operate Our Services
      • To improve functions and convenience of Our Services
      • To provide support for Our Services (including responding to failures of Our Services, and responses to inquiries and complaints after discontinuation of Our Services)
      • To verify the identity of customers in various procedures relating to Our Services
      • To invoice fees for Our Services
      • To detect and prevent unauthorized use of credit cards used by service users
      • To notify changes of terms and conditions for Our Services and the discontinuation of Our Services
      • To notify the suspension, termination of contracts, amendment of terms and conditions, or violation of contracts of Our Services used by service users
      • To use as a point of contact when conducting surveys to improve response quality and service in relation to Our Services
      • To improve response quality and develop response services for inquiries from service users regarding Our Services (including recording and documenting telephone responses)
      • To provide information on the Company's or our group companies' products, services, various events and campaigns, etc. (including analysis of obtained browsing history, purchase history and other information as a premise)
      • To develop new services and products of the Company or our group companies (including analysis of obtained browsing history, purchase history and other information as a premise)
      Note that the company does not use the contents sent by service users to specific recipients other than our company (such as emails sent between users or contracts on electronic signature services) for any purpose other than transmission, and we do not acquire or handle personal information contained in the transmitted content.
    2. Business Partners
      We use information of business partners for the following purposes:
      • For business operations, communications necessary for business, and improvement thereof
      • For identity verification, fraud prevention, and credit assessment necessary for transactions
      • To provide information on the Company's or our group companies' products, services, various events and campaigns, etc. (including analysis of obtained browsing history, purchase history and other information as a premise)
    3. Shareholders and Investors
      We use information of shareholders and investors for the following purposes:
      • To send notices of convocation of shareholders' meetings and for other rights and obligations under the Companies Act and other laws
      • To provide benefits to shareholders and investors (various shareholder special benefit plans, etc.)
      • To implement various measures to smooth relations between shareholders, investors and the Company (surveys, etc.)
      • For information management such as preparing data of shareholders and investors according to prescribed standards under various laws and regulations
      • To respond to inquiries and requests from shareholders and investors
    4. Applicants for Employment
      We use information of applicants for employment for the following purposes:
      • To conduct hiring selection
      • To notify hiring decisions and selection results in the hiring process
      • To provide information and communicate regarding hiring selection
      • After hired applicants join the Company, to comply with laws and regulations and internal rules, and to implement all matters relating to personnel affairs, labor affairs, benefits and other employment management
      • For other purposes for which the consent of applicants for employment has been obtained
  4. Retention Period
    Unless otherwise provided for by law, we set a retention period for personal information within the scope necessary for the purposes of use and erase personal information without delay after the retention period expires or the purposes of use are achieved.
  5. Security Control Measures
    We endeavor to keep personal information accurate and up to date and take necessary and appropriate security control measures to protect personal information from unauthorized access, tampering, leakage, loss and damage.
    (Development of Rules for the Handling of Personal Data)
    Formulating rules for the handling of personal data with respect to the handling method, the responsible person/person in charge, and their duties, etc. for each stage of acquisition, use, storage, provision, deletion, disposal, etc. Note that in this Privacy Policy, personal data includes personal information that the Company has acquired or intends to acquire and that is scheduled to be handled as personal data.
    (Organizational Security Control Measures)
    • Assigning a person to be responsible for the handling of personal data, clarifying which employees handle personal data and the scope of personal data handled by them, and developing a system for reporting and communication to the responsible person in the event that any actual or potential violation of law or the handling rules is found
    • Conducting periodic self-inspections concerning the status of the handling of personal data, and implementing audits by other departments and external parties
    (Human Security Control Measures)
    • Conducting periodic training for employees on matters of concern regarding the handling of personal data
    • Specifying matters concerning the confidentiality of personal data in the Rules of Employment
    (Physical Security Control Measures)
    1. In areas where personal data is handled, controlling the entry and exit of employees and restricting equipment brought in, and implementing measures to prevent unauthorized persons from viewing personal data
    2. Taking measures to prevent theft or loss of equipment, electronic media and documents, etc. that handle personal data, and implementing measures to prevent personal data from being easily identified when carrying such equipment and electronic media, including movement within offices
    (Technical Security Control Measures)
    1. Implementing access control to limit persons in charge and the scope of personal information databases, etc. that may be handled
    2. Introducing systems to protect information systems that handle personal data from unauthorized external access or unauthorized software
    (Understanding of External Environments)
    • Implementing security control measures based on an understanding of the system for protection of personal information in countries where personal data is stored
  6. Supervision over Employees
    The Company exercises necessary and appropriate supervision over employees to ensure the security control of personal information. In addition, we provide employees with necessary education and training to ensure the proper handling of personal information.
  7. Supervision over Contractors
    The Company may entrust a third party with the handling of personal information in whole or in part within the scope of the purposes of use. When selecting contractors, we confirm that the contractors properly handle personal information and require that they handle personal information appropriately. In addition, we exercise necessary and appropriate supervision over the contractors, such as including provisions in contracts related to audits of the handling of personal information.
  8. Provision to Third Parties
    Except as provided by laws and regulations or the Guidelines, we do not provide third parties with personal information without consent. However, the Company may provide personal information of Customers to third parties in the following cases:
    1. Provision to Credit Card Companies
      [Service users who pay for Our Services by credit card]
      The Company supports 3D Secure 2.0 in credit card payments and implements measures to prevent unauthorized use of credit cards. Therefore, we provide personal information collected from service users to the card issuing company used by service users and payment processing companies for fraud detection and prevention by card issuing companies. When the card issuing company used by service users is located in a foreign country, this information may be transferred to the country where the issuing company belongs. Since we cannot identify the card issuing company used by service users and the country or region where the company is located from the information we collect from service users, we cannot obtain and provide information about foreign card issuing companies. Information about personal information protection systems in various countries is available on the Personal Information Protection Commission website (https://www.ppc.go.jp/en/index.html).
    2. Provision to Other Domestic Third Parties
      [Service users who use Our Services or make inquiries]
      The Company may provide personal information received from service users who use Our Services or make inquiries to domestic advertising distribution companies for advertising distribution related to the Company or our group companies.
    3. ther Provision to Overseas Third Parties
      [Service users who use ALTUS advance]
      The Company may provide personal information received from customers who use ALTUS advance to third parties as described in a and b below.
      [a]
      Purpose: Detection and prevention of unauthorized use of Our Services
      Personal information provided: Email address, company name, name, telephone number, billing address, device information (IP address, browser information, OS version, etc.), first 6 digits and last 4 digits of credit card
      Recipient of the above personal information: Sift Science, Inc. (California, USA) 525 Market Street, Sixth Floor, San Francisco, CA 94105 Email: privacy@sift.com
      For the handling of provided personal information, please refer to Sift Science, Inc.'s privacy policy Sift Service Privacy Notice (https://sift.com/legal-and-compliance/service-privacy-notice/)
      [b]
      Purpose: To notify service users by email of information necessary for using Our Services (including issuing and authenticating Company service accounts and responding to cancellations)
      Personal information provided: Email address
      Recipient of the above personal information: Twilio Inc. (California, USA) 101 Spear Street, 5th Floor, San Francisco, CA 94105 Email: privacy@twilio.com
      The provided personal information is handled in accordance with Twilio Inc.'s Data Protection Addendum. Please refer to https://www.twilio.com/ja-jp/legal/data-protection-addendum
      The personal information protection systems in countries where Sift Science, Inc. and Twilio Inc. are located are as follows:
      [United States of America]
      Reference: Survey of Personal Information Protection Systems in the United States Federal Government on the Personal Information Protection Commission website https://www.ppc.go.jp/enforcement/infoprovision/laws/offshore_report_america/
      [California]
      Reference: Survey of Personal Information Protection Systems in California on the Personal Information Protection Commission website https://www.ppc.go.jp/files/pdf/california_report.pdf
  9. Joint Use
    The Company conducts joint use as follows:
    1. Service Users and Business Partners
      Person responsible for the management of personal information GMO Internet, Inc. (Masatoshi Kumagai, Founder, Chairman and Group CEO)
      Joint users' purposes of use Same as the content specified in "3.1 Service Users" and "3.2 Business Partners"
      Items to be used jointly Name, organization name, address, telephone number, fax number, email address, credit card information, account information, domain name, contract information, and other items within the scope necessary for the above purposes of use
      Joint users GMO Internet, Inc. and its group companies (meaning affiliates and subsidiaries listed at https://group.gmo/en/company-profile/groupinfo/; collectively "GMO Internet Group")
      *Group companies may be changed in the future due to new incorporations and consolidations, etc. For the latest status, please refer to https://group.gmo/en/company-profile/groupinfo/
    2. Shareholders and Investors
      The Company does not jointly use personal information received from shareholders and investors with specific parties.
    3. Applicants for Employment
      The Company does not jointly use personal information received from applicants for employment with specific parties.
  10. Requests for Disclosure
    Any request for notification of purposes of use of personal information, disclosure, correction, addition, deletion, discontinuation of use of personal information, or discontinuation of provision to third parties may be filed in accordance with procedures designated by the Company. Please refer to this link (https://www.gmogshd.com/legal/method) regarding procedures for requests for disclosure of personal information.
  11. Anonymously Processed Information
    Anonymously processed information means information about individuals produced by processing personal information with measures prescribed by law so that no specific individual can be identified and the original personal information cannot be restored.
    1. When producing anonymously processed information
      1. The Company performs proper processing in accordance with standards prescribed by law.
      2. The Company implements security control measures to prevent leakage of deleted information or information on processing methods in accordance with standards prescribed by law.
      3. When the Company produces anonymously processed information, we publicly announce in this Privacy Policy the items of information contained in the produced anonymously processed information.
      4. The Company does not collate anonymously processed information with other information to identify individuals who are the subjects of the original personal information.
    2. When providing anonymously processed information to third parties
      1. When the Company provides anonymously processed information, we publicly announce in this Privacy Policy the items of personal information contained in the anonymously processed information to be provided and the method of provision.
      2. We clearly indicate to the recipient third party that the information to be provided is anonymously processed information.
  12. Pseudonymously Processed Information
    Pseudonymously processed information means information about individuals produced by processing personal information with measures prescribed by law so that no specific individual can be identified unless it is collated with other information.
    1. When producing pseudonymously processed information
      1. The Company produces pseudonymously processed information after proper processing in accordance with standards prescribed by law.
      2. The Company implements security control measures to prevent leakage of information deleted during the production process or information on processing methods (collectively "Deleted Information") in accordance with standards prescribed by law.
    2. When obtaining pseudonymously processed information and Deleted Information
      1. The Company implements security control measures to prevent leakage of Deleted Information in accordance with standards prescribed by law.
      2. When the Company obtains pseudonymously processed information, particularly personal information that is pseudonymously processed information, we promptly publicly announce the purposes of use in "Identification and Announcement of Purpose of Use" of this Privacy Policy, unless previously announced.
    3. When handling pseudonymously processed information as a database
      1. The Company implements necessary and appropriate security control measures to protect against unauthorized access, tampering, leakage, loss and damage.
      2. The Company does not collate pseudonymously processed information with other information to identify individuals who are the subjects of the original personal information.
      3. The Company does not use contact information or other information contained in such pseudonymously processed information to make telephone calls, send mail or correspondence, transmit telegrams, send by facsimile or electronic means, or visit residences.
      4. Except when exempted pursuant to the provisions of Article 41, Paragraph 9 of the APPI, other handling shall be governed by the publicly announced matters under the APPI.
  13. Personal Referable Information
    Personal referable information means information on living individuals that does not constitute personal information, anonymously processed information, or pseudonymously processed information.
    1. When obtaining personal referable information from providing third parties as personal data
      1. Personal information obtained from Customers may be collated with personal referable information provided by third parties, and the personal referable information may become personal data that identifies individuals.
      2. Items of covered personal referable information: All personal referable information
      3. Purposes of use after acquisition: The purposes of use specified in "Identification and Announcement of Purpose of Use" of this Privacy Policy apply.
      The Company may:
      • Obtain personal referable information including web browsing history and analysis results collected by cookies from third-party data management platforms, link this with personal data of Customers, and use it for advertising distribution and product/service information related to the Company or our group companies. Furthermore, we may obtain information such as browsing history of affiliate target sites from affiliate advertising companies or their agents, link this with personal information of Customers, and use it to confirm affiliate advertising results.
    2. When providing personal referable information as a database to third parties
      1. We provide personal referable information to the recipients announced below. The third party may collate the received personal referable information with personal information they possess, and the personal referable information may become personal data that identifies individuals. We describe below the recipients and items of personal referable information subject to provision. Currently, as there is no plan to provide personal referable information as a database to third parties, we do not announce recipients or items of covered personal referable information.
      2. The purposes of use by recipients after obtaining personal referable information as personal data are notified or announced by the recipients.
  14. Accessibility Guidelines
    With the spread of the Internet, corporate websites have become increasingly important, and more users are using websites as a means to access information. Since May 1999 when The World Wide Web Consortium (W3C), an international web standardization organization, released "Web Content Accessibility Guidelines 1.0," web accessibility guidelines, companies primarily in Europe and America have been advancing initiatives for web accessibility.

    We aim to create websites where users who visit our website can access necessary information and that are easy to use.
    1. Assuming that diverse users with different purposes of use, presence or absence of physical disabilities, ages, and experience levels visit our website, we consider making it easy for them to obtain, understand, and operate necessary information. Among the information disseminated by our website, there is a mixture of information directed at general users and information directed at specific users, and it may not be practical to provide all information in a format that is easy for all users to use. Therefore, we provide information to intended users in appropriate ways according to the publication purpose of each site.
    2. Assuming that users have diverse Internet usage environments, we consider enabling them to obtain, understand, and operate necessary information. Software and assistive technologies that users use to access websites or make them easier to access are provided in various standards by domestic and international manufacturers and are regularly updated. Our website aims to operate with attention to trends in these assistive technologies so as to coordinate with as much software and assistive technology as possible.
  15. Continuous Improvement
    The Company makes continuous efforts to improve the handling of personal information within the company through developing internal rules on personal information protection, employee education, and implementing internal audits.
  16. Changes to the Privacy Policy
    When the Company makes changes to personal information to be acquired, purposes of use, or other changes to the Privacy Policy, such changes are announced by posting on our website. The revised Privacy Policy becomes effective as of the revision date displayed on the website.

Last revision date: September 30, 2025

Back to TOP