Privacy Policy

1. Purpose and Basic Policy

The Company handles personal information obtained through our website, membership services, applications, and various inquiries (hereinafter "Services") in accordance with the Act on the Protection of Personal Information and related guidelines. We comply with the latest legal requirements, including establishing safety management measures, managing third-party provision, reporting and notification of leaks, and obtaining consent for provision to third parties in foreign countries.

2. Scope of Application

This policy applies to all Services operated and provided by the Company (our website, member pages, email/chat/SNS/inquiry forms, event applications, campaigns, apps, etc.). It does not apply to external service links or third-party sites/apps not operated by the Company.

3. Types of Information Collected

• Member Registration/Identity Verification: Name, email address, password, phone number (optional), address, date of birth, etc.
• Transactions/Payments: Order information, billing/shipping information, payment-related information (card information is primarily processed by payment service providers)
• Support/Inquiries: Inquiry content, call/chat history, etc.
• Device/Browsing Information: IP address, cookies/advertising IDs, device information, browser information, referrer, access date/time, logs, usage history, location information (with consent)
• Events, etc.: Application information, participation history, survey responses

4. Purpose of Use

• Provision of Services and member management (identity verification, login, contact, etc.)
• Execution of transactions, payments, shipping, and after-sales support
• Notices, campaigns, surveys, etc. (opt-out available)
• Quality improvement, new feature development, fraud prevention, security
• Legal compliance, investigation/response to troubles/fraud, record preservation
• Statistics and analysis (including creation and publication of anonymized information)

5. Use of Cookies and Handling of Personally Related Information

The Company uses cookies, advertising IDs, and similar technologies for convenience, access analysis, and advertising distribution. These may constitute "personally related information" and are acquired and used by the Company and partner businesses (analytics, advertising, etc.). When providing such information to third parties who may use it as personal data, we comply with legal requirements for confirmation, recording, and obtaining necessary consent. Cookies can be disabled through browser settings, but this may affect some service functions.

6. Third-Party Provision

The Company will not provide personal data to third parties except in the following cases:

• With the consent of the individual
• As required by law
• When necessary to protect life, body, or property and obtaining consent is difficult
• When applicable to outsourcing (Article 7)

When providing to or receiving from third parties, we confirm the provider/recipient and create and store records. We do not engage in opt-out third-party provision.

7. Outsourcing

The Company may outsource the handling of personal data to businesses such as cloud services, payment processors, shipping, customer support, analytics, and advertising to the extent necessary for business execution. We select and supervise outsourcing partners (contracts, confirmation of technical/organizational safety management measures, etc.).

8. Joint Use (Not Currently Implemented)

The Company does not currently engage in joint use of personal data. If we commence joint use in the future, we will notify individuals or make easily accessible the fact of joint use, items of personal data jointly used, scope of joint users, purpose of use by joint users, and the responsible party.

9. Provision of Personal Data to Third Parties in Foreign Countries (Not Currently Implemented)

The Company does not currently provide personal data to third parties located in foreign countries (outside Japan). If such provision becomes necessary, we will provide information about ① the name of the foreign country, ② information about the personal information protection system of that country, and ③ protection measures taken by the third party, and obtain consent from the individual before provision. We will create and store necessary records for continuous provision.

10. Safety Management Measures

• Establishment of basic policies and internal regulations (handling rules, responsible parties/inspection system, incident response procedures, etc.)
• Organizational: Access control, log inspection, outsourcing partner management, internal audits
• Personnel: Employment rules/pledges, training, confidentiality, retirement procedures
• Physical: Entry/exit management, key management for documents/media, removal rules
• Technical: Access control, encryption, malware protection, vulnerability response, multi-factor authentication, etc.

11. Response to Leaks

If a leak of personal data occurs that may harm the rights and interests of individuals, we will report to the Personal Information Protection Commission and notify the individuals, and promptly investigate the cause and implement preventive measures.

12. Requests for Disclosure (Access Rights/Correction/Deletion/Suspension of Use, etc.)

Individuals may request disclosure (including electronic provision), correction, addition/deletion, suspension of use, suspension of third-party provision, etc., of their personal data held by the Company. For request methods, fees, and response methods, please see "Procedures for Disclosure Requests" below. We also respond to requests for disclosure of third-party provision records.

13. Handling of Sensitive Personal Information

We will not acquire or use sensitive personal information such as race, creed, social status, or medical history without consent, except as required by law.

14. Personal Information of Minors

When minors use our Services, we will obtain parental consent and verify age as necessary.

15. Retention Period

Personal data is stored to the extent necessary to achieve the purpose of use and will be deleted or anonymized without delay after the expiration of the legal retention period.

16. Handling of Pseudonymized and Anonymized Information

• Pseudonymized Information: Created and used for internal analysis and statistical purposes, and individual identification is not performed.
• Anonymized Information: Items of information included at the time of creation are disclosed, and re-identification is not performed. Management and safety management measures are implemented.

17. Revision of this Policy

This policy may be revised in response to changes in laws and service content. Important changes will be announced on our website, etc.

18. Contact for Inquiries, Complaints, and Disclosure Requests

Humanify Personal Information Inquiry Desk

E-mail: contact@humanfy.studio

We will respond within the legally prescribed period after verifying your identity.