ZAIKO K.K. (“Company”) hereby sets forth this Privacy Policy ("Policy") that relates to the handling of Personal Information in order to protect the Personal Information of customers that use the services provided by the Company (“Customers”) and to comply with the Act on the Protection of Personal Information of Japan (“Act”) as well as any other applicable laws, regulations and guidelines. The name, address and representative director of the Company are as follows:

ZAIKO K.K.
K’s Nishiazabu 5F, 2 Chome-13-6 Nishiazabu, Minato-ku, Tokyo, Japan 106-0031
Representative Director: Malek Nasser

Article 1 (Customer Information)
In this Policy, "Customer Information" shall mean Personal Information (as defined in Article 2 of the Act; the same applies hereinafter) and any other information collected by the Company in accordance with this Policy. Customer Information includes:

  • profile information, including Customers’ names, dates of birth, sex, occupations, employers, identification documents and the like;
  • contact information, including Customers’ e-mail addresses, telephone numbers and mailing addresses;
  • payment information, including credit card information, bank account information, electronic money information and the like;
  • information entered or transmitted by Customers through input forms or other methods specified by the Company;
  • information that Customers have permitted to be disclosed when using external, third-party services in connection with the use of the services that the Company provides by setting the privacy settings of such external, third-party services accordingly, such as their ID (including e-mail address) and password on such external, third-party services; and
  • log information and information related to the Customers’ activity history (including cookies and other identifiers).

Article 2 (Collection and Use of Personal Information)
The Company shall collect and use Customer Information for the following purposes.

(1) To process membership registration, to verify a person’s identity, to authenticate a user, to record user settings, to process payments of usage fees and payouts to be made by the Company, and to provide and carry out services including delivery or provision of products, benefits, and gifts

(2) To maintain, protect and improve services, including temporary backup storage for the operation of the Company’s services, protection of the network and system security used for the Company’s services, and improving the convenience of the Company’s services and expanding their functions

(3) To conduct advertising and marketing (for the purpose of analyzing acquired browsing history, purchase history and other customer information to serve appropriate advertisements for cases where advertisements related to products and services are served according to Customers’ preferences).

(4) To provide information on the Company’s services, respond to inquiries and handle lawsuits, disputes and the like.

(5) To respond to and prevent violations of the Company's terms of service and unauthorized use of the Company’s services.

(6) To provide notices regarding changes to the Company’s terms of service and other important matters regarding the services that the Company provides, including changes to the content of the services, suspension or discontinuation of the services, or contract termination

Article 3 (Security Management)
In order to prevent the divulgence, loss, or damage of Customer’s Personal Information and otherwise protect Customer’s Personal Information, the Company shall takes necessary and appropriate measures to manage the security of Customer’s Personal Information, including the following measures:

(Establishment of basic policies)

  • The Company has formulated basic policies regarding the management and protection of information, including this Policy, to ensure that Customer’s Personal Information is handled appropriately.

(Establishment of rules regarding the handling of Personal Information)

  • The Company has formulated internal rules regarding the basic procedures for acquisition, use, and storage of Personal Information, the roles responsible for those procedures, and the duties of those roles.

(Organizational security measures)

  • The Company has established roles responsible for the handling of Personal Information (“Administrators”), and formulates and ensures employees’ compliance with internal rules and manuals regarding the secure management of Personal Information, and Administrators confirm that Personal Information is handled in accordance with the existing basic procedures and internal rules.
  • In order to ensure the above, the Company conducts internal training courses on the secure management of Personal Information, and has established a system for reporting violations and potential violations of the basic procedures and internal rules.

(Personnel security measures)

  • In addition to conducting internal training courses on the secure management of Personal Information, managers confirm that employees attend those courses.
  • In addition to establishing internal rules regarding the confidentiality of Personal Information, the Company has new hires sign a covenant that includes provisions regarding the confidentiality of Personal Information.

(Physical security measures)

  • Devices and media that may be used to access or store Personal Information are limited to those provided by the Company, and measures are taken to prevent unauthorized access to personal data, including encouraging employees to change passwords regularly and immediately revoking the privileges of employees who lose authorization to access Personal Information due to reassignment or resignation.
  • Safety measures are in place to prevent the divulgence, loss, or theft of documents and data containing Personal Information, including setting passwords, encouraging employees to change passwords regularly, and remote deletion of records including Personal Information from devices and storage media in the event of an emergency.

(Technical security measures)

  • There are access controls on the databases containing Personal Information and information systems capable of accessing Personal Information, and countermeasures are in place to protect them from unauthorized access and malicious software,
  • Countermeasures to prevent unauthorized outside access to the network are in place, including firewalls.

(Monitoring of external circumstances)

  • When Personal Information is handled outside Japan under this Policy, measures are taken for the secure management of that Personal Information after ascertaining the relevant country’s systems, etc. for the protection of Personal Information.

Article 4 (Handling of E-mail Addresses)

  • In order to protect Customers’ e-mail addresses, the Company shall take measures to limit employees’ access to Customers email addresses to authorized employees only.
  • For notices that require communication to Customers by the Company, such as “important notices,” the Company shall send emails to all the Customers at their registered email addresses.

Article 5 (Cookies and Other Technologies)

  • The Company's website uses technology called "Cookies" and other similar technologies.
  • A “Cookie” is data that identifies individual users, which is sent to the web browser of a Customer from the server (HTTP) that is being used to operate a website. By using Cookies, a Customer’s information can be recorded on the Customer's computer, such as in the hard drive.
  • On the Company’s website, Cookies are used to collect information, such as Customers’ logins to their profile as well as overall trends and patterns of the website. The collected information is used by the Company to analyze the trends of how the Company’s website has been accessed for the purpose of the Company being able to improve upon the services it provides.
  • The Company shall never use Cookies in combination with information that can identify individual Customers.
  • Customers can change the settings on their browsers to disable the Cookies function; however, some or all the services on the website may become unavailable as a result.

Article 6 (Disclosure and Sharing of Personal Information)
The Company shall not provide any Personal Information that is Customer Information to any third parties (including parties located outside of Japan) without the prior consent of Customer; provided that the foregoing shall not apply to the following cases in which Personal Information is provided to a third party (including parties located outside Japan):

(1) when the Company outsources all or a part of the handling of Personal Information to a third party to the extent necessary to achieve the purposes of using Customer Information that are listed in Article 2;
(2) when it is necessary for the protection of the life, body, or property of an individual and when it is difficult to obtain the consent of the Customer;
(3) when Personal Information is provided to the other party of a merger or to a third party to whom the Company’s business is being transferred to due to a merger or other circumstances;
(4) when it is necessary to cooperate with a national agency, a local government, or a person or organization entrusted by either of the foregoing in order to execute certain affairs that are set forth by laws and regulations and when obtaining the consent from a Customer is likely to impede the execution of such affairs; or
(5) any other cases permitted under the Act and/or other laws and regulations.

Article 7 (Provision of Customer Information to Third Parties)

1. When Personal Information is provided to third parties
The Company shall provide certain Customer Information, which may include Personal Information, to parties that sell goods tickets and other tangible and non-tangible items (“Products”) to Customers (“Vendors”) by using certain services provided by the Company upon obtaining the Customer’s consent and other third parties only for the purposes that are set forth below.

Purpose of Provision

Party Receiving Customer Information

Types of Customer Information that will be Provided

1. For Customers to purchase Products that are sold by Vendors and for the Vendors to deliver the Products

Vendor

Name, address, telephone number

2. To implement compliance measures related to Customers (including KYC measures and confirmation of customer attributes) for services that the Company provides

Third parties that assist the Company with such compliance measures

Name, telephone number, data related to personal verification obtained from the Customer and any information that is indicated in such data

3. To advertise the Company’s services and Products via third-party services (including but not limited to Facebook Custom Audiences)

Companies that implement such third-party services

E-mail address, identifiers such as Cookies


2. Provision to Parties Located Overseas
In cases that are set forth in Article 7(1) as well as in other cases, the Company may provide Customer Information to Vendors that are located overseas upon obtaining the consent of the Customer. Please find the following information below: (i) the countries where the Vendors who will be provided Personal Information are located; (ii) the laws and regulations relating to the protection of Personal Information in such countries; and (iii) the measures that the Vendor is taking to protect Personal Information.

Country

Laws relating to the Protection of Personal Information

Measures taken to protect Personal Information

USA (California, Georgia, Massachusetts, Washington, Delaware, Texas)

The USA does not have comprehensive laws and regulations regarding the protection of Personal Information at the federal level. For details, see: https://www.ppc.go.jp/files/pdf/USA_report.pdf

 

However, in some states there are comprehensive laws at the state law level regarding the protection of Personal Information. For details, see:

https://www.ncsl.org/research/telecommunications-and-information-technology/state-laws-related-to-internet-privacy.aspx

 

For information on the protection of Personal Information under California law, see:

https://www.ppc.go.jp/files/pdf/california_report.pdf

Under the service contract with us, the Vendor is required to handle personal data within a limited scope of use, implement necessary and appropriate security management measures, and properly monitor employees as necessary and appropriate, and is prohibited from subcontracting the work or providing the personal data to third parties.

Ireland, Netherlands

Ireland and Netherlands are subject to the EU’s comprehensive law on the protection of Personal Information (the General Data Protection Regulation or GDPR), and have systems for the protection of Personal Information that are considered to be equivalent to those of Japan in terms of protecting the rights and interests of individuals. For details, see:

https://www.ppc.go.jp/enforcement/infoprovision/laws/GDPR/

Under the service contract with us, the Vendor is required to comply with the GDPR.

Israel

Israel has a comprehensive law on the protection of Personal Information (the Privacy Protection Law). For details, see:

https://www.gov.il/en/departments/general/regulations_mechanisms

 

See also:

https://www.ppc.go.jp/files/pdf/israel_report.pdf

Under the service contract with us, the Vendor is required to handle personal data within a limited scope of use, implement necessary and appropriate security management measures, and properly monitor employees as necessary and appropriate, and is prohibited from subcontracting the work or providing the personal data to third parties.

Canada

Canada has a comprehensive law on the protection of Personal Information (the Personal Information Protection and Electronic Documents Act). For details, see:

https://www.ppc.go.jp/files/pdf/canada_report.pdf

Under the service contract with us, the Vendor is required to handle personal data within a limited scope of use, implement necessary and appropriate security management measures, and properly monitor employees as necessary and appropriate, and is prohibited from subcontracting the work or providing the personal data to third parties.

Article 8 (Disclosure, Correction etc. of Personal Information)

  • If a Customer, himself, herself or itself, wishes to request that his, her or its Personal Information be disclosed, corrected, added to, deleted, no longer be used, etc. (“Customer Request”), such Customer should contact the Company by contacting the point of contact specified in Article 9.
  • When Customers make a request in accordance with the preceding paragraph of this Article 8, the Company shall take measures to respond to the Customer Request upon confirming that the Customer, himself, herself or itself, was the person who submitted the request. However, the foregoing shall not apply if the Company does not have any obligations to comply with the Customer Request under the Act or any other laws or regulations.

Article 9 (Inquiries)
If Customers have any comments, questions, complaints or any other inquiries regarding the Company's handling of Personal Information, please contact the following:
ZAIKO K.K. Contact Form: https://zaiko.io/contactus

Article 10 (Organization and Structure)

  • The Company shall appoint a person who is responsible for information security to be the person responsible for managing Personal Information. Such person shall appropriately manage and continuously improve upon the handling of Personal Information.
  • The Company shall comply with any guidelines related to the protection of Personal Information, such as the Act, other applicable laws and regulations and the "Guidelines for Protection of Personal Information in Telecommunications Business" issued by the Japanese Ministry of Internal Affairs and Communications. In addition, the Company shall continuously improve upon its system of managing the protection of Personal Information in conjunction with any changes that may occur to its social surroundings.

Article 11 (Disclaimer)
The Company shall not be liable for any of the following cases.

  • When the Customer, himself, herself, or itself, reveals Customer Information to a third party by his, her, or its own volition, regardless of how such disclosure occurred.
  • When a Customer inputs or transmits its own Personal Information while using the Company’s services without being requested to do so by the Company, the Customer suffers damages as a result of the Company or a third party contractor working for the Company being able to identify the Customer.

Article 12 (Amendment)
The Company may revise this Policy as it deems necessary. If the Company revises this Policy, the Company shall either make the changes known by posting on its website or by other appropriate means or provide notice to Customers.

Article 13 (Language)
The original language of this Policy is Japanese. If there is any discrepancy between the Japanese version and any translation of this Policy into another language, the Japanese version will prevail.

Article 14 (Other Matters)
The services that the Company provides may include links to external services and the Company shall not be responsible for any matters whatsoever regarding the content or the protection of Personal Information in connection with such external services.

[Established and enforceable as of November 18, 2019]
[Amended as of August 11, 2021]
[Amended as of June 30, 2022]