Privacy Policy

*This is an English translation of “Chapter 2 Privacy Policy” from the Terms of Service, Part 1 Basic Guidelines.

The governing language of these Terms of Service shall be Japanese. The English translation is made solely for the purposes of reference, and only the Japanese original shall have effect as a contract and the English translation version shall have no effect.

Terms of Service
Part 1 Basic Guidelines
Chapter 2 Privacy Policy

The following are the basic policies (the “Privacy Policy”) for the Company's handling of information related to privacy of our customers, business partners and others (collectively referred to as the “Customers” in this Chapter).

Note: Please see the Yahoo! JAPAN Privacy Center as to how the Company specifically handles information related to privacy in accordance with the Privacy Policy.

The Privacy Policy applies to any and all information handled by the Company capable of directly or indirectly identifying Customers as individuals (hereinafter, the “Personal Data”).

  1. Acquisition of Personal Data

    The Company shall acquire Personal Data in the following cases.

    1. (1) In the case that Customers input Personal Data by operating a terminal;
    2. (2) In the case that Customers provide Personal Data directly or through media such as documents, etc.;
    3. (3) In the case that Personal Data is automatically sent when the Customers use or browse services, products, advertisements or contents (hereinafter, collectively, the “Services”*1);
    4. (4) In addition to the above, in the case that Personal Data is lawfully acquired such as when it is provided from a third party with the Customers' consent.

    *1 Services include services, products, advertisements or contents towards Partners*2 and Customers other than the customer him/herself.

    *2 Partners refer to the Company's Group Companies*3, content providers, advertisers, advertisement distribution destinations, and other partners.

    *3 Group Companies refer to Z Holdings Corporation and its parent company, subsidiary companies and associated companies (parent company, subsidiary company and associated company as provided in the Regulation on Terminology, Forms and Preparation Methods of Financial Statements). Please check here (Japanese only) for more on Group Companies.

  2. Purpose of Use of Personal Data

    The Company shall use Personal Data*4 for the following purposes. Please check here for the specific use examples of Personal Data.

    1. (1) To provide the Company's Services suited to Customers;
    2. (2) To respond to inquiries made by Customers;
    3. (3) To deliver products, request payment of fees, grant points, etc.;
    4. (4) To make notifications to the Customers in relation to the Services of the Company and its Partners;
    5. (5) To secure the safe provision of the Company's Services (this includes discovering a customer in breach of the Terms of Services and notifying such customer; investigating, detecting, and preventing wrongful acts such as fraud resulting from abuse of Services and unlawful access; and taking measures towards the above);
    6. (6) To improve the Company's Services and to consider new Services of the Company;
    7. (7) To investigate and analyze the status of use, etc. of the Company's Services.

    Notwithstanding the above, in the case that the Company is provided Personal Data from a third party, if there are separate provisions regarding the purposes of use of such Personal Data, the Company shall use such Personal Data in accordance with such provisions.

    *4 The use stipulated in this Article includes linking together, managing and using our Customers' Yahoo! JAPAN IDs, Partners' IDs, advertising IDs (including, but not limited to, Advertising Identifier (IDFA) and Google Advertising Identifier(AAID)), cookies and other various types of identifiers handled by the Company.

  3. Consent to the Provision of Personal Data

    1. In addition to cases where permitted by laws and regulations, if the Customers' consent is obtained, the Company shall provide Personal Data to third parties (including third parties in foreign countries; the same hereinafter) such as Partners, etc.; provided, however, that in the following cases, the Company shall provide Personal Data to a third party to a necessary extent upon excluding information capable of directly identifying specific individuals such as name and address.

      1. (1) Where necessary for the provision of the Company's Services;
      2. (2) Where necessary for the enhancement of the quality of the Company's Services;
      3. (3) Where necessary to consider new Services of the Company;
      4. (4) In the case of providing Personal Data to research institutions for the purposes of investigation, research or analysis.
    2. In addition to the case in the preceding paragraph, the Company shall provide, in the following cases, Personal Data to the Company's Group Companies to a necessary extent upon excluding information capable of directly identifying specific individuals such as name and address. In providing such data, the Company shall prohibit the Group Companies from reoffering the Personal Data to a third party (excluding cases in which it is for responding to disclosure request enforced under laws and regulations).

      1. (1) Where necessary for the provision of the Group Companies' Services;
      2. (2) Where necessary for the enhancement of the quality of the Group Companies' Services;
      3. (3) Where necessary to consider new Services of the Group Companies;
    3. If a customer has entered into an agreement under separate conditions for individual Services, the contract conditions thereof shall apply with precedence.

  4. Security

    1. The Company shall appropriately handle Personal Data in accordance with various laws and regulations on protection of personal information and the Privacy Policy.
      In order to appropriately handle Personal Data, the Company shall organize internal rules and organizations, and ensure the security of an information system processing Personal Data. The Company has obtained an information security management system certification in order to guarantee that these security management measures are appropriately taken.
      In the event that the Company entrusts the handling of Personal Data to a third party, the Company shall entrust the handling of Personal Data to a person satisfying the criteria for the selection of an entrustee determined by the Company, and shall appropriately manage the affairs of the entrustee upon executing an agreement with the entrustee. The Company shall only provide Personal Data to a third party which has taken security management measures satisfying the criteria determined by the Company.

    2. If any incident occurs such as leakage, etc., of Personal Data, the Company shall, according to laws and regulations, and guidelines, report to supervisory authorities, as well as, following the supervisory authorities' instructions, take necessary actions including measures to prevent occurrence of similar incidents and recurrence of the incident.

  5. (Amended on December 1, 2009)

    (Amended on September 5, 2012)

    (Amended on November 1, 2012)

    (Amended on January 7, 2013)

    (Amended on April 2, 2013)

    (Amended on June 28, 2013)

    (Amended on September 2, 2013)

    (Amended on June 2, 2014)

    (Amended on July 27, 2015)

    (Amended on June 23, 2016)

    (Amended on October 1, 2019)

PAGE TOP