Privacypolicy

Privacypolicy

The Japanese Food and Ingredient Supply Chain Platform Consortium (hereinafter referred to as the"Company") will handle information obtained from customers (hereinafter referred to as"Customer Information, etc.") as described below to provide services from the Company (hereinafter referred to as the"Service").

Section 1 (General Rules)

1 The Company will comply with the Act on the Protection of Personal Information (hereinafter referred to as the"Personal Information Protection Act") and other relevant laws and regulations and make every effort to properly handle and protect Customer Information, etc. including personal information in order to realize the protection of Customer Information, etc.

2 This policy applies to all customers who have used the Service. When the Company specifies the provisions regarding the handling of Customer Information, etc. in the privacy policy posted on the website operated by the Company and other personal information protection policies or the Terms of Use, such provisions also apply. If such provisions conflict with this policy, this policy will prevail. Regarding those on the processing of personal data subject to the"General Data Protection Regulation (2016/679)" of EU, however,"On Handling of Personal Data Subject to GDPR," which is separately set forth by the Company, will prevail over this policy.

3 Terms used in this policy follow the definitions used in the Terms of Use of the Service unless otherwise specified.

4 The provisions of this policy do not apply to services provided by companies that offer services affiliated with the Service (hereinafter such companies are referred to as"Affiliated Partners" and such services are referred to as"Affiliated Service") and other services provided by parties other than the Company (hereinafter referred to as"External Service"). For handling of user information in Affiliated Service, please refer to the privacy policy, etc. separately set forth by companies that offer such Affiliated Service.

Section 2 (Information Collected by the Company and Collection Method Thereof)

1 When providing the Service, the Company will obtain Customer Information, etc. including personal information (“personal information" means information defined in paragraph 1 of Article 2 of the Personal Information Protection Act, and the same shall apply hereinafter) as provided below.

(1) Information to be provided by customers
The Company will obtain information on customers designated by the Company including the customer’s corporate, Company or individual’s name, gender, location or address, date of birth, his/her department, e-mail address, telephone number, personal identification information stated in the customer's identity documents.

(2) Information to be collected by the Company when the customer uses the Service and their associated services

a. Terminal information
When the customer uses the Service, the Company may collect terminal information used by the customer (e.g., ID information that can identify the terminal) in order to maintain and improve the Service or to prevent unlawful acts.

b. Log information, action history, and information on service usage
In order to maintain and improve the Service, or to prevent unlawful acts, the Company may collect IP address, date of request by the customer, operation history records at the time of the use of the Service, information on remittance and receipt of money and other information on usage status of the Service that are automatically generated and stored when the Company provides the Service or when the customer uses the Service.

c. Cookie and anonymous ID
The Company may use a technology called"Cookie" and similar technologies when providing the Service. Cookie is an industry standard technology with which a web server identifies a computer of a customer. Cookie can identify the customer’s computer but cannot identify the customer himself/herself. The function of Cookie can be invalidated by changing the settings on the electronic terminal, but please understand in advance that in that case, the Service may become unavailable.

2 The Company will obtain Customer Information, etc. by proper means, and not by false or other improper means. Additionally, when obtaining Customer information, etc. by other means than through the use of the Service by the customer, the Company will give prior notice or announcement of its intended use.

Section 3 (Purpose of Use)

1 The Company will properly handle the Customer Information, etc. obtained through the provision of the Service within the scope of the following purposes. The Company will not use it beyond that scope without the consent of the individual.

Purpose of use Details of the purpose Information to be used
Provision/maintenance/improvement of the Service
  • Personal identification and prevention of unauthorized use
  • Smooth provision, maintenance, and improvement of the Service
  • The customer’s corporate, Company or individual’s name, gender, location or address, date of birth, his/her department, e-mail address, telephone number, ID and password, personal identification information stated in the customer's identity documents.
  • Terminal information
  • Log information, action history, and information on service usage
  • Cookie and anonymous ID
Notification/response, etc. to customers, etc.
  • Provision of Information on the Service, response to inquiries, etc.
  • Notification of the terms of use, revisions to this policy, suspension or termination of the Service, contract termination and other important information concerning the Service
  • The customer’s corporate, Company or individual’s name, location or address, e-mail address, telephone number.
Creation of Statistical Data Creation of statistical data by processing the information provided in the right column so that individuals or specific users cannot be identified (Statistical Data).
  • Information on the customer
  • Action history
  • Information on service usage
Provision to a third party
  • A third party who received the information described in the right column from the Company will use such information for the following purposes:
  • Provision of the Service
  • Improvement and development of the Service
  • Development of businesses in collaboration with the Company
  • Information on the customer
  • Terminal information
  • Cookie and anonymous ID

A third party who received the information described in the right column will use such information for the following purposes:

  • Improvement and development of the Service
  • Development of businesses in collaboration with the Company
  • Analysis of advertising effectiveness
  • Market analysis and marketing

Statistical data created by processing the following information so that individuals or specific users cannot be identified (Statistical Data).

  • Information on the customer
  • Action history
  • Information on service usage

2 The Company may change the purpose of use set forth in the preceding paragraph to the extent that the purpose of use after the change is reasonably deemed duly related to the original purpose of use. When the purpose of use has been changed, the Company will notify the customer of, or publicly announce, any change by posting it on the website operated by the Company or by other easy-to-understand means.

Section 4 (Provision to a Third Party)

1 In principle, the Company will not provide personal information to any third party without obtaining the individual’s consent. In the following cases, however, the Company may provide personal information without the consent of the customer to the extent that it does not violate the relevant laws and regulations.

  • (1) The provision is based on laws and regulations.
  • (2) When using the Service, a user has harmed the interests of others or has committed or is about to commit an act that is offensive to public order and morals or other acts that violate the terms of use of the Service, necessary measures are taken for such acts.
  • (3) The provision is necessary for the protection of people's lives, bodies, or properties, and obtaining the individual's consent is difficult.
  • (4) The provision is particularly necessary for the improvement of public health or promotion of sound growth of children, and obtaining the individual’s consent is difficult.
  • (5) The provision is necessary for cooperating with government organizations, local authorities or their trustees in executing the affairs prescribed by laws and regulations, and obtaining the individual’s consent may hamper the execution of such affairs.
  • (6) Any part of business including the customer's personal information is succeeded through merger, company split, business transfer, or other reasons.

2 When the Company has provided personal data (“personal data" means data defined in paragraph 6 of Article 2 of the Act on the Protection of Personal Information in Japan, and the same shall apply hereinafter) to a third party based on the customer’s consent, the Company will make and maintain records of the following matters:

  • (1) The fact that prior consent has been given by the customer.
  • (2) The name of the third party or other information sufficient to identify the third party
  • (3) The name of the person identified by the personal data or other information sufficient to identify that person.
  • (4) Types of the personal data provided

3 Notwithstanding the provisions set forth in paragraph 1 of this section, the Company may provide to a third party the personal data included in Customer Information, etc. listed in the"Provision to a third party" column of the table in paragraph 1 of Section 3 by e-mail or other means, if the Company has notified the Personal Information Protection Commission. However, the Company will stop providing the personal data to the third party if the customer does not wish his/her own personal data to be provided to the third party and notify the Company.

4 In accordance with the provisions of the preceding paragraph, when the Company has provided personal data to a third party, the Company will make and maintain records of the following matters:

  • (1) Date when the personal data are provided
  • (2) The name of the third party or other information sufficient to identify the third party
  • (3) The name of the person identified by the personal data or other information sufficient to identify that person.
  • (4) Types of the personal data provided

Section 5 (Outsourcing of the Handling of Personal Information)

The Company may outsource all or part of the handling of personal information obtained from the customer within the scope necessary to perform the purpose of use. In that case, the Company will, in advance, conclude a confidentiality agreement with the trustees under terms and conditions that conform to this policy and conduct necessary and appropriate supervision to ensure proper safe management of the information by the trustee.

Section 6 (Shared Use)

The Company may share personal information obtained from customers with Affiliated Partners or other third parties as follows within the scope necessary for the provision of Affiliated Service, development of services, etc.

(1) Scope of parties involved in shared use
Please refer to HERE for the scope of parties involved in the shared use of personal information.
(2) Type of information to be shared
The"personal information" defined in Section 2 will be shared.
(3) Purpose of use of parties involved in shared use
Same as the purpose of use set forth in Section 3.
(4) Person in charge of the management of shared information
The Japanese Food and Ingredient Supply Chain Platform Consortium c/o Agri Holdings, Inc.

Section 7 (Information Collection Module)

The information collection module selected by the Company may be incorporated into the Service in order to analyze information such as usage status of the Service and advertising effectiveness of services including the Service. Accordingly, user information may be collected by providers of the information collection module. These information collection modules collect user information excluding information that identifies individuals, and the collected information is managed in accordance with the privacy policy and other terms and conditions specified by each information collection module provider.

Section 8 (Behavioral Targeting Advertisement)

1 In order for the Company or a third party such as an advertisement distributor to implement a targeting advertisement (an advertising method that delivers advertisements according to the needs or interests of users), the Company may collect the following information by using the information collection module prescribed in the preceding section and accumulate or use such information to provide the Service or Affiliated Service.

  • (1) Action history and information on service usage status (information, such as usage history of the Service, that can be used for analysis of user’s needs and interests by its accumulation but cannot identify a specific individual).
  • (2) Terminal information

2 The Company will provide the information collected based on the preceding paragraph to companies that distribute behavioral targeting advertisements (hereinafter referred to as"Advertisement Distributors") for the purpose of delivering useful information to users by distributing optimal advertisements customized according to the needs or interests of the users.

3 The handling of respective information by Advertisement Distributors shall be in accordance with the privacy policy and other terms and conditions prescribed by each Advertisement Distributors.

Section 9 (Safe Management System)

For the prevention of any leakage, loss or damage, and proper management and protection of Customer Information, etc., the Company takes necessary and appropriate measures to ensure safe management of Customer Information, etc. such as by limiting access to personal information files, keeping the number of persons with authorized access to the minimum necessary, and installing security software to prevent unauthorized access from outside.

Section 10 (Rights of Users to Disclose, Correct, etc. Personal Information)

1 Customers may request for disclosure, correction, deletion or suspension of use (hereinafter referred to as"Disclosure, etc.") of all or part of personal information contained in Customer Information, etc. by contacting via the inquiry form described in Section 12. In this case, the Company will carry out Disclosure, etc. of such Customer Information, etc. as specified by the Company.

2 Notwithstanding the provisions of the preceding paragraph, these procedures may not be possible if the Company does not have obligations to carry out them under the Act on the Protection of Personal Information in Japan and other laws and regulations, if the same requests are repeated many times without justifiable reasons, or if the procedures require excessively technical work, etc.

Section 11 (Revisions to This Policy)

1 The Company will endeavor to timely review the status of the operation of handling of Customer Information, etc. to improve such operation continuously and may revise this policy from time to time as necessary.

2 The Company will notify of revised policy by posting it on the Service or the website operated by the Company or other easy-to-understand means. However, if the revision requires the consent of the user under laws and regulations, the consent of the party to a contract will be obtained by means separately prescribed by the Company.

Section 12 (Inquiries)

For any comments, questions, or complaints regarding the Company’s handling of Customer Information, etc., or other inquiries about the handling of Customer Information, etc., please use the inquiry form below.

The Japanese Food and Ingredient Supply Chain Platform Consortium c/o Agri Holdings, Inc.

1-3-11 Horidomecho, Nihonbashi, Chuo-ku, Tokyo, Japan 103-0012

Tel:03-4214-8386

Email:info@washokutreasure.com

(Please note that inquiries are accepted from 10 a.m. to 5 p.m. on weekdays.)

Established on August 8, 2018

Under the EU's General Data Protection Regulations (2016/679) (hereinafter called"GDPR"), the Japanese Food and Ingredient Supply Chain Platform Consortium c/o Agri Holdings, Inc. (hereinafter called"the Company") shall, in the case of personal data being provided or disclosed by people (hereinafter called"users") (this may include customers of the Company) of the protected European Economic Area (hereinafter called"EEA"), or personal data has been received or acquired through a third party, handle all personal data applicable under the GDPR as per the following Terms (hereinafter called"these Terms").

* Please refer to the original of GDPR.

Section 1. (Processing of Personal Data)

The processing of"personal data" in these Terms refers to any of the following cases pertaining to the processing of personal data of the users in the EEA:

  • (1) If it is related to the activity base of the Company within the EEA;
  • (2) If it is related to the products or services offered for the users;
  • (3) If it is related to the monitoring of behavior of users conducted within the EEA.

Section 2. (Collection & Processing Methods of Personal Data

The Company is consistently processing personal data of users under the legal grounds that are stipulated in the GDPR (Articles 6 and 7). In addition, if the Company processes personal data that requires special consideration, this shall be carried out in accordance with the specific criteria under the GDPR (Articles 9 and 10).

Section 3. (Purpose of Use of Personal Data)

1. The Company shall appropriately handle personal data of the users, within the scope of the following purposes:

  Purpose of use Details of the purpose
1 Provision/maintenance/improvement of the Service
  • Personal identification and prevention of unauthorized use
  • Smooth provision, maintenance, and improvement of the Service
2 Notification/response, etc. to customers, etc.
  • Provision of Information on the Service, response to inquiries, etc.
  • Notification of the terms of use, revisions to this policy, suspension or termination of the Service, contract termination and other important information concerning the Service
3 Creation of Statistical Data Creation of statistical data by processing so that individuals or specific users cannot be identified (Statistical Data).
4 Operations related to (i)-(iii)
  • Development of new business and services related to the Service
  • Marketing and market analysis related to the Service
  • Analysis of advertising effectiveness of the Service, etc.

2. The Company shall process the personal data of users for the specified, clear, and proper purpose and will not process any data for these purposes using an incompatible method. The Company shall notify the users if it intends to process personal data that was collected for a different purpose from the original use.

3. With regard to the relationship between personal data to be processed and the processing use, the Company shall ensure to only use data that are relevant and necessary.

Section 4. (Retention Period of Personal Data)

In order to comply with the Company’s legal obligations, reliably provide sufficient services, and maintain the Company’s business activities, the Company shall retain personal data for the necessary period (under GDPR Articles 5 and 25, Paragraph 2).

Section 5. (Handling Under Consent)

1. By agreeing to these Terms, the users shall consent to the handling of their personal data by the Company, and Company shall, subject to the consent of the users, handle the personal data of the users. However, users may withdraw their consent at any time.

2. In the case of users of the Service being under the age of 16, there is a necessity for the guardian of the user to give their consent about the use of the Service, or to have the guardian give their permission and the child consent to the use of the Service (GDPR, Article 8).

Section 6. (Sharing of Personal Data)

In order to achieve the purpose described in Section 3, the Company may share or disclose, etc. personal data of the users to a third party as specified below. In addition, if the personal data of the users are shared or disclosed, etc. from within the EEA to external of the EEA, the third party shall adhere to the GDPR and carry out appropriate protective measures (GDPR, Chapter 5).

(1) Collaborators
To achieve the purpose established in Section 3, a collaborator may work in cooperation with the Company to provide and develop the Company’s products and services or support marketing for the data subjects, and such data may be transferred, retained, and processed accordingly.
(2) Entrustment of Business
(i) In terms of sales operations for each service, response to enquiries, equipment maintenance, fee-related operations, marketing operations, and other business, there are cases when all or a portion of personal data processing will be entrusted to a third party.
(ii) In the case of execution of an outsourcing agreement, the Company will thoroughly inspect the other party’s competency as a contractor. With regard to outsourcing agreements, the Company shall establish provisions for security control measures, confidentiality, terms of reconsignment, and other items related to the suitable processing of personal data and appropriately supervise the other party by periodically carrying out monitoring, etc. of the outsourced operations.
(iii) With regard to personal data that have been provided (deposited) from the outsourced contractor following the entrustment of operations, such data will be used within the necessary scope with respect to fulfillment of the agreement with the contractor.
(3) Related Companies & the Combination and Reorganization of Each Company
The Company may share personal data with all of their related companies. If there is a company merger, corporate reorganization or civil rehabilitation, acquisition, joint venture, transfer, relocation, sale or disposal (including cases that are related to bankruptcy procedures or similar procedures), etc. with regard to all or a portion of the Company’s operations, the Company may transfer all personal data to the related third party.
(4) Compliance & Security
The necessity may arise for the Company to disclose personal data due to the law, legal proceedings, litigation, or upon request from public institutions or government authorities both internal and external of the users' country of residence. Furthermore, due to national security, law enforcement, or other important societal matters, the Company may disclose personal data if disclosure is deemed necessary or if judged to be appropriate.
In addition, the Company may disclose personal data if judged in good faith that disclosure is reasonably necessary, for the purpose of protecting the Company’s rights, pursuing useable remedies, enforcing the Company’s internal regulations, investigating impropriety, or for the purpose of protecting the Company’s operations or its users.

Section 7. (Records of the Company’s Personal Data Processing)

When processing personal data, the Company shall adhere to the obligations stipulated in GDPR (Article 30) for the recording of personal data processing. The Company shall adhere to the GDPR, and under the GDPR (Article 31), reflect all of the necessary information needed to cooperate with the supervisory authority in these records.

Section 8. (Security Measures)

When processing personal data, the Company will carry out suitable technical and systematic measures and maintain appropriate security (protection against unauthorized or unlawful processing, accidental loss, destruction or damage, etc.) for processing (GDPR Article 25, Paragraph 1 and Article 32).

Section 9. (Notification of Violations of Personal Data to the Supervisory Authority)

In order to protect against security breaches that will lead to the accidental or unlawful destruction, loss, transformation or unauthorized disclosure or access of personal data that has been transferred, retained or any other kind of processing, the Company has developed a system or policy that will promptly detect the content of the breach and analyze its risk. Depending on the results of the risk analysis, the Company shall carry out the necessary notifications to the supervisory authority and contact the affected users (GDPR, Articles 33 and 34).

Section 10. (Processing That is Likely to Have a High Risk to the Rights & Freedoms of the User)

The Company has developed a system or plan for the detection of data processing practices that are likely to have a high risk to the rights and freedoms of the user (GDPR, Article 35). In the case of the detection of such data processing practices, the Company shall evaluate this internally, suspend the practices, or ensure that the processing practices adhere to the GDPR and develop suitable technical and systematic protection measures for its continuation.
If there is any doubt, the Company shall contact the responsible data protection supervisory authority and seek advice or proposals (GDPR, Article 36).

Section 11. (Rights of the User)

With regard to the user, if there is a request pertaining to one’s personal data, the Company shall adhere to the GDPR and respond in the following way (GDPR, Chapter 3):

(1) Disclosure
Any retained personal data that may lead to the identification of a person shall be disclosed. (If there is no retained personal data that may lead to the identification of a person, the Company will respond to that effect.)
However, if any of the following apply, there are cases in which the reason will be notified, and all or a portion of the request will be declined.
(i) Cases in which disclosure is likely to harm the life, body, property, or other rights or interests of the person or a third party;
(ii) Cases in which disclosure is likely to seriously impede the proper execution of the Company’s business;
(iii) Cases in which disclosure violates laws and regulations.
(2) Correction
If there is a request for retained personal data that may lead to the identification of a person to be corrected or added (hereinafter called"corrections, etc.") on the grounds that the retained personal data are contrary to the fact, except in cases in which special procedures are prescribed by any other laws and regulations for such correction etc., the Company shall make a necessary investigation without delay, within the scope necessary for the achievement of the Purpose of Use. Consequently, when all or a portion of the content of the retained personal data are corrected, etc., the person shall be notified of this without delay. If the decision is to not make any corrections etc., the person shall be notified of this decision and the reason why without delay.
(3) Deletion
If there is a request for the deletion of retained personal data that may lead to the identification of a person, the Company shall undertake the necessary confirmation without delay that the personal data are necessary in light of the Purpose of Use. Consequently, if deletion of all or a portion of the content of the retained personal data is to be carried out, the person shall be notified of this without delay. If the decision is made not to carry out any deletions, the person shall be notified of this decision and the reason why without delay.
(4) Suspension of Use, etc
If there is a request for the suspension of use or deletion of the relevant retained personal data, or the suspension of provision to a third party (hereinafter called"suspension of use etc."), once it has been established that there is a reason for such a request, the Company shall carry out the suspension of use, etc. of the relevant retained personal data without delay and to the necessary extent. However, if the suspension of use etc. of the relevant retained personal data, etc. would incur considerable expenses, or it is otherwise difficult to discontinue using or to erase the retained personal data, there are cases in which necessary alternative measures will be taken instead to protect the rights and interests of the person. If the suspension of use, etc. on all or a portion of the retained personal data is carried out, the person shall be notified of this without delay. If the decision is to not carry out any suspension of use etc., the person shall be notified of this decision and the reason why without delay.
(5) Data Portability
If it meets the legal requirements, the personal data provided by the person will be provided upon categorization and for general use in a machine-readable format. In addition, if technically feasible, the personal data provided by the person shall be sent to other data managers. Furthermore, the decision is made to not provide or transmit personal data, the person shall be notified of this decision and the reason why without delay.

Section 12. (Revisions to These Terms)

The Company may revise these Terms. In terms of revisions made to these Terms, they shall become valid when the revised Terms are displayed on the website. If any revisions that are considered significant are to be carried out, the Company shall notify the users of the possible range through the website and, in certain cases, may request the consent of the users.

Section 13. (Contact & Enquiries)

Any communication or inquiries regarding the handling of personal data in these Terms shall be directed to the following:

The Japanese Food and Ingredient Supply Chain Platform Consortium c/o Agri Holdings, Inc.

1-3-11 Nihonbashi Horidome-cho, Chuo-ku, Tokyo

Tel:03-4214-8386

Email:info@washokutreasure.com

(Please note that inquiries are accepted from 10 a.m. to 5 p.m. on weekdays.) )

Established on August 8, 2018