Privacy Policy (Publicly Announced Matters under the Act on the Protection of Personal Information)


PrivacyPolicy

 We, GMO GlobalSign Holdings K.K. ("we," "our," or the "Company"; please refer to "Corporate summary" (Link)), set this Privacy Policy as follows for the purpose of properly managing and protecting personal information that we handle in the course of business and establishing a system to protect personal information that enables customers, business partners (whether or not a contract has been concluded; collectively "Customers"), shareholders, investors (collectively "Shareholders"), and applicants for employment to feel secure.

Compliance with Laws and Regulations

 With regard to the acquisition, use and all other handling of information on an individual that is regulated by the Act on the Protection of Personal Information (the "APPI"), including, but not limited to, personal information (hereinafter referred to as "personal information"), we abide by the APPI, the provisions of secrecy of communications set forth in the Telecommunications Business Act and other related laws and regulations, Guidelines for the Personal Information Protection in Telecommunications Business (the "Guidelines"), and this Privacy Policy.

Identification and Announcement of Purpose of Use

 The purposes of use of personal information we acquire are as follows.
 Unless otherwise provided for in laws and regulations or the Guidelines, we do not handle personal information beyond the scope necessary for the achievement of these purposes of use.

1.Customers

 We use information of Customers for the following purposes, including their names, addresses, e-mail addresses, telephone numbers, IP addresses, access histories and purchase histories, that Customers have provided to us when contracting for Our Services and requesting materials related to Our Services

  • To register information necessary for the operation of the contracted services (including responses to failures of Our Services, and responses to inquiries and complaints after discontinuation of Our Services) in the customer management system used by us when Customers contract for services that we provide or resell, or in which we act as intermediary ("Our Services"); and to register information necessary to provide prospective customers who have not contracted for Our Services with information on the Company's or our group companies' products, services, various events and campaigns, etc.
  • To confirm personal identity in various procedures relating to Our Services
  • To invoice fees for services that we provide or resell, or in which we act as intermediary
  • To notify changes of terms and conditions for Our Services and the discontinuation of Our Services
  • To notify the suspension, termination of contracts, amendment of terms and conditions, or violation of contracts of Our Services used by Customers
  • To use as a point of contact when conducting a survey to improve the response quality and service in relation to Our Services
  • To check the history of past responses and use as a point of contact when responding to inquiries and requests regarding Our Services
  • To provide information on the Company's or our group companies' products, services, various events and campaigns, etc. (For the purpose of planning such activities, we analyze Customers' information including access histories and purchase histories but not limited to, obtained by us as well.)
  • To develop new services and products of the Company or our group companies (For the purpose of planning such activities, we analyze Customers' information including access histories and purchase histories but not limited to, obtained by us as well.)

2.Shareholders

 We use information of Shareholders for the following purposes, including their names, addresses, telephone numbers, e-mail addresses and acquired shares, that Shareholders have provided to us when acquiring shares of the Company.

  • To send a notice of convocation of shareholders' meeting so that Shareholders may exercise their rights and fulfill their obligations under the Companies Act and other laws
  • To provide Shareholders with benefits (various shareholder special benefit plans, etc.)
  • To implement various measures to smooth relations between Shareholders and us (including surveys, etc.)
  • To manage information, such as the preparation of data of Shareholders according to the prescribed standards under various laws and regulations

3.Applicants for Employment

 We use information of applicants for employment for the following purposes, including their names, addresses, telephone numbers, e-mail addresses and education and job histories, that applicants have provided to us at the time of applying for employment.

  • To notify hiring or rejection and selection results in the hiring process
  • To provide information and for communication in the hiring process
  • To comply with laws and regulations and internal rules, and to implement all matters relating to personnel affairs, labor affairs, benefits and other employment management after hired applicants have joined the Company
  • To use for other purposes for which the consent of applicants has been obtained

Retention period

 Unless otherwise provided for by law, we set a retention period for personal information to the extent necessary for the purposes of use and then erase personal information without delay after the retention period or the achievement of the purposes of use.

Security Control Measures

 We endeavor to keep personal information accurate and up to date and take necessary and appropriate security control measures to protect personal information from unauthorized access, tampering, leakage and loss.

(Development of Rules for the Handling of Personal Data)

 Formulating rules for the handling of personal data with respect to the handling method, the responsible person/person in charge, and his/her duties, etc. for each stage of acquisition, use, storage, provision, erase, disposal, etc.

(Organizational Security Control Measures)

  • Assigning a person to be responsible for the handling of personal data, clarifying which employees handle personal data and the scope of personal data handled by them, and developing a system for reporting and communication to the responsible person in the event that any actual or potential violation of law or regulation or the rules on the handling of personal data is found.
  • Conducting periodic self-inspections, and implementing audits by other departments and external parties concerning the status of the handling of personal data.

(Human Security Control Measures)

  • Conducting periodic training for employees on matters of concern regarding the handling of personal data.
  • Specifying matters concerning the confidentiality of personal data in the Rules of Employment.

(Physical Security Control Measures)

  1. In areas where personal data is handled, taking measures to control the entry and exit of employees and to restrict equipment that is brought in by employees, and to prevent unauthorized persons from viewing personal data.
  2. Taking measures to prevent theft or loss of equipment, electronic media and documents, etc. containing personal data, and to prevent personal data from being easily identified when carrying such equipment and electronic media, etc., including movement within offices.

(Technical Security Control Measures)

  1. Implementing access control to limit persons in charge and the scope of personal information databases, etc. that may be handled by such persons.
  2. Introducing a system to protect information systems that handle personal data from unauthorized access from outside or from unauthorized software.

(Understanding of External Environments)

  • Implementing security control measures based on an understanding of the system for protection of personal information in the country where personal data is stored.

Supervision over Employees

 We exercise necessary and appropriate supervision over our employees to ensure the security control of personal information. Moreover, we provide employees with training necessary to ensure the proper handling of personal information.

Supervision over Contractors

 We may entrust a third party with the handling of personal information in whole or in part within the scope of the purposes of use. When selecting contractors, we confirm that the contractors properly handle personal information and require that they handle personal information appropriately. In addition, we exercise necessary and appropriate supervision over the contractors, such as including provisions in our contracts related to audits of the handling of personal information.

Provision to Third Parties

 Except as provided by law or the Guidelines, we do not provide third parties with personal information without consent.

Joint Use

 We jointly use personal information as follows:

1.Customers

Person responsible for the management of personal information GMO Internet, Inc.
(Masatoshi Kumagai, Founder, Chairman and Group CEO)
Joint users' purposes of use Same as the content specified in "1. Customers" of "Identification and Announcement of Purpose of Use" above
Items to be used jointly Name, organization name, address, telephone number, fax number, e-mail address, credit card information, account information, domain name, contract information, and other items to the extent necessary for the above purposes of use
Joint users GMO Internet, Inc. and its group companies (meaning affiliates and subsidiaries listed in
https://www.gmo.jp/en/company-profile/groupinfo/; collectively, "GMO Internet Group")
*https://www.gmo.jp/en/company-profile/groupinfo/
Group companies may be changed in the future due to new incorporations and consolidations, etc. For the current situation, please refer to https://www.gmo.jp/en/company-profile/groupinfo/.

2.Shareholders

 We do not jointly use the personal information we receive from our Shareholders with any specific person.

3.Applicants for employment

 We do not jointly use the personal information we receive from applicants for employment with any specific person.

Request for Disclosure, etc.

 Any request for a notice of the purposes of use of personal information, or disclosure, correction, addition, deletion, discontinuation of use or discontinuation of the provision to a third party of personal information may be filed in accordance with procedures designated by the Company. Please refer to this link (Link) regarding any procedures for request for disclosure, etc. of personal information.

Anonymously Processed Information

 "Anonymously processed information" means information about individuals produced by processing personal information in the manner prescribed by law so that no specific individual can be identified and the original personal information cannot be restored.

1.When producing anonymously processed information

  1. We perform proper processing in accordance with the standards prescribed by law.
  2. We implement security control measures to prevent leakage of deleted information or information on processing methods in accordance with the standards prescribed by law.
  3. When we produce anonymously processed information, we publicly announce in this Privacy Policy the items of information contained in the produced anonymously processed information.
  4. We do not collate anonymously processed information with other information to identify any individual who is the subject of personal information from which the anonymously processed information was produced.

2.When providing a third party with anonymously processed information

  1. When providing anonymously processed information, we publicly announce in this Privacy Policy the items of information about individuals contained in the anonymously processed information that we intend to provide and the method of providing such anonymously processed information.
  2. We clearly indicate to the third party to whom the information is provided that the information to be provided is anonymously processed information.

Pseudonymously Processed Information

 "Pseudonymously processed information" means information about an individual produced by processing personal information in the manner prescribed by law so that no specific individual can be identified unless it is collated with other information.

1.When producing pseudonymously processed information

  1. We produce pseudonymously processed information after proper processing in accordance with the standards prescribed by law.
  2. We implement security control measures to prevent leakage of information that has been deleted in the course of producing pseudonymously processed information or information on processing methods (collectively the "Deleted Information") in accordance with the standards prescribed by law.

2.When obtaining pseudonymously processed information and Deleted Information,

  1. We implement security control measures to prevent leakage of Deleted Information in accordance with the standards prescribed by law.
  2. When we obtain pseudonymously processed information, particularly personal information, we publicly announce without delay the purposes of use in the Identification and Announcement of Purposes of Use of this Privacy Policy, unless it has been announced in advance.

3.When handling pseudonymously processed information as a database

  1. We implement necessary and appropriate security control measures to protect pseudonymously processed information against unauthorized access, tampering, leakage and loss.
  2. We do not collate pseudonymously processed information with other information to identify any individual who is the subject of personal information from which the pseudonymously processed information was produced.
  3. We do not use any contact or other information contained in such pseudonymously processed information to make calls, send mail, correspondence or telegrams, transmit documents by facsimile or electronic means, or visit any residence.
  4. Except when the application is exempted pursuant to the provisions of Article 41, Paragraph 9 of the APPI, the handling of other personal information shall be governed by what shall be publicly announced under the APPI.

Personally Referable Information

 "Personal referable information" means information on a living individual that does not constitute personal information, anonymously processed information or pseudonymously processed information.

1. When obtaining personal referable information as personal data from a third party

  1. Personal information obtained from Customers may be collated with personal referable information provided by a third party, and the personal referable information may become personal data that identifies an individual.
  2. Items of personal referable information covered above: all personal referable information
  3. Purposes of use after acquisition: The purposes of use in the Identification and Announcement of Purposes of Use of this Privacy Policy applies.

2. When providing a third party with personal referable information as a database

  1. We provide the third parties listed below with personal referable information. Personal referable information received by the third party may be collated with personal information held by the third party, and the personal referable information may become personal data that identifies the individual. The third party to whom the personal referable information is provided and the items of personal referable information to be provided are described below. At present, as there is no plan to provide third parties with personal referable information as a database, we have not publicly announced any third party to whom personal referable information is provided or items of personal referable information to be provided.
  2. The third party to whom personal referable information is provided notifies or publicly announces its purposes of use after the third party obtains personal referable information as personal data.

Accessibility Guidelines

 With the spread of the Internet, corporate websites have become more important, and more people are using websites as a way to access information. Since May 1999 when The World Wide Web Consortium (W3C), an international organization for the standardization of the Web, released the Web Content Accessibility Guidelines 1.0, a set of accessibility guidelines for the Web, many companies, especially in the United States and Europe, have been working on web accessibility.

 Our goal is to make the website easy to use and accessible to necessary information for users who visit our website.

  1. Assuming that a variety of users with different purposes of use, physical disabilities, ages, and levels of experience visit our website, we make sure that they can easily obtain, understand and operate the necessary information. As some of the information on our website is announced to general users and others to specific users, it may not be practical to provide all the information in an easy-to-use format for all users. Accordingly, we provide the intended users of each website with information in an appropriate manner according to the publication purpose of each website.
  2. Assuming that users have diverse Internet usage environments, we make sure that they can obtain, understand and operate the necessary information. The software and support technologies to access websites or make it easier to access websites are provided in various standards by manufacturers in Japan and overseas, and are updated as needed. This website focuses on trends in these support technologies so as to coordinate with as much software and support technologies as possible.

Continuous Improvement

 We make continuous efforts to improve the handling of personal information internally through development of internal rules on the protection of personal information, training of employees, and implementation of internal audits, etc.

Changes to the Privacy Policy

 In the event of any change in personal information to be obtained, the purposes of use, or any other changes to the Privacy Policy, such changes are announced by posting on our website. The revised Privacy Policy becomes effective as of the revision date displayed on the website.

Last revision date: June 16, 2023