Privacy Policy

by cca_user

Enacted and enforced on October 1st, 2023

Introduction

CE-Cet Associates Company Limited (hereinafter referred to as ‘the Company’) acquires, utilizes, and stores the personal information of all parties related to the Company (including shareholders, customers, and employees, hereinafter referred to as ‘the Individual’). The Company’s privacy policy outlines its stance and specific measures regarding the protection of personal information.

The Company acquires personal information from the Individuals themselves. Customer personal information acquired by the Company includes information provided directly by customers to the Company, information regarding customers’ use of Company services, and information obtained from third parties.

Furthermore, if the Company’s personal information management falls under the scope of the General Data Protection Regulation (GDPR), the Company will appropriately manage personal information in accordance with the provisions of the GDPR.

Acquisition of personal information

The Company primarily acquires and utilizes personal information (including information about individuals) through the following methods, storing them as personal data:

  • Direct acquisition from the Individuals
  • Acquisition from third parties
  • Acquisition through methods such as Cookies (Online Privacy Notices) and web beacons (including similar technologies)
  • Acquisition through recording conversations
  • Acquisition through recording in photos, videos, etc.
  • Acquisition based on matters related to the Company

Purposes of utilizing personal information acquired

The purposes for which the personal information acquired by the Company is utilized are as follows:

  1. Achievement of the purposes for which the personal information was acquired
  2. Provision of Company products and services
  3. Provision of after-sales services related to the above
  4. Contract reviews and credit examinations, etc.
  5. Billing, collection, and preservation of claims related to Company business and other fees (including cases where the handling of personal information is outsourced to third parties for billing and collection of various fees)
  6. Planning and development of new products and services
  7. Information dissemination regarding various aspects of products and services
  8. Advertising and promotion
  9. Training and improvement of employee education for sales and solicitation methods within the Company
  10. Marketing and research related to Company business
  11. Implementation of prizes, campaigns, and similar initiatives
  12. Registration and utilization of personal information with credit reporting agencies
  13. Inquiry to personal credit information agencies for the purpose of utilizing individual credit information to make appropriate credit judgments and for post-credit management
  14. Providing and registering transaction facts with personal credit information agencies
  15. Compilation of statistical data for business analysis and utilization of analysis results
  16. Responding to disclosure requests based on the Personal Information Protection Act, as well as monitoring and auditing of the handling of personal information
  17. Activities related to Corporate Social Responsibility (CSR)
  18. Management of contractual relationships with business partners
  19. Exercise of rights and fulfillment of obligations under corporate law
  20. Employment of employees, including recruitment, and personnel management
  21. Welfare benefits for employees, including the provision and operational management of welfare benefits
  22. Management of facilities and equipment
  23. Third-party provision
  24. Any other necessary activities within the scope of performing the tasks mentioned in the preceding clauses.

Handling personal information

The Company complies with laws and related regulations governing the handling of personal information. The Company acquires, uses, and provides personal information solely for the “Purpose of Use of Acquired Personal Information” and does not acquire, use, or provide personal information for purposes other than those recognized by laws, except when obtaining the consent of the individual in advance. Whether customers provide personal information to the Company is at their discretion. However, if necessary information is not provided, it may not be possible to provide services appropriately.

As mentioned in the “Regarding the Acquisition of Personal Information,” for the security and improvement of user experience (UI/UX) on visited websites, the Company may acquire information from individuals using Cookies and web beacons. This is done to ensure the security of the visited website and enhance the user interface and experience.

Information about person (which does not fall in the legal definition of personal information)

The Company may acquire personal data, including identifier information such as Cookie data, IP addresses, device-specific IDs, as well as location information, browsing history, purchase history, and other log information related to internet usage from providers handling person’s information, for the purpose of improving the User Interface/User Experience (UI/UX) of our website, enhancing the convenience of services, and maintaining/improving quality. The purposes for using personal data obtained in this manner align with the “Purposes of utilizing personal information acquired”.

Personal information requiring special consideration

When obtaining personal information requiring special consideration, the Company will obtain the individual’s consent in advance. However, this does not apply if such acquisition is permitted by law.

Keeping and managing personal information

The Company complies with the Personal Information Protection Act, various guidelines related to the act, and other relevant laws and regulations regarding the acquisition, use, storage, provision, deletion, and disposal of personal information. Additionally, the Company establishes a management system encompassing the handling of personal data, the definition of responsibilities and roles of individuals in charge, and ensures compliance with this system by its employees. Organizational security measures, human resource security measures, physical security measures, and technical security measures are implemented for systematic security management of held personal data and similar information.

Provision to a third party

The company may provide personal data to third parties only under the following circumstances:

  1. When you have agreed to this Privacy Policy. Details regarding the provision to third parties when you have agreed are as follows:
    ① Items of personal data provided to third parties
    I. All or part of the information about individuals acquired by the company
    ② Methods of providing to third parties
    I. Electronic record methods (including methods of providing electronically, such as through email, as well as methods involving the use of recording media for handover or mailing, etc.)
    II. Written methods
    ③ Methods to Accept Requests for Cessation of Third-Party Provision
    I. Contacting the contact point specified in the ‘Procedures and Contact for Disclosure, etc.’
  2. When a court issues a warrant or there is a decision, order, or legal provision by the court.
  3. In cases where it is necessary to protect human life, body, or property, and obtaining the individual’s consent is difficult.
  4. In cases where it is particularly necessary for the improvement of public health or the promotion of the wholesome upbringing of children, and obtaining the individual’s consent is difficult.
  5. When it is necessary to cooperate with national institutions, local public bodies, or those entrusted with their tasks in performing duties specified by law, and obtaining the individual’s consent may impede the execution of such duties.

Provision by way of entrustment

The company may entrust the handling of personal data (excluding personal information requiring special consideration, defined as such in this section) to third parties within the necessary scope for the achievement of the specified purposes. In such cases, the company will select appropriate contractors, enter into suitable contracts ensuring proper handling of the personal data by the entrusted parties, and regularly monitor the handling status of personal data by the contractors.

Anonymized processed personal information

When creating anonymized processed personal information, the company will adhere to relevant laws and regulations, process the information appropriately, and handle it with due care. Additionally, in the event of creating anonymized processed personal information, the company will disclose the items of information related to individuals included in it and the security measures implemented. If the company receives anonymized processed personal information, it will handle it appropriately, taking suitable security measures and refraining from cross-referencing with other information.

Procedure for disclosure

With regard to the personal data held by the company or records of third-party disclosures, if an individual wishes to request the disclosure of their information (or notification of the purposes of use of the relevant personal data), the company will confirm the individual’s identity upon receiving the request and respond within a reasonable period and scope. However, there may be cases where requests for disclosure cannot be accommodated due to legal requirements.

Correction, Deletion, etc.

With regard to the content of personal data held by the company group, if an individual wishes to request the correction, addition, or deletion of that information, the company will confirm the individual’s identity upon receiving the request. If there is information that is factually incorrect, the company will correct, add, or delete the information within a reasonable period and scope.

Suspension of use and erasure

With regard to the personal data held by the company, if an individual requests the suspension of use or deletion of information and any of the following conditions apply, the company will confirm the individual’s identity and, in principle, suspend the use or delete the information to the extent necessary to prevent infringement on the rights and interests of the individual. However, in accordance with legal provisions, the company may not be able to comply with requests for suspension of use or deletion, or may implement alternative measures recognized by law in lieu of suspension or deletion. Please note that if all or part of the personal data is suspended or deleted, it may no longer be possible to provide services in line with the individual’s preferences.

  1. When the company uses personal information beyond the scope of the purposes of use stated in the ‘Purpose of Use of Acquired Personal Information’ without the individual’s consent.
  2. When the company acquires the personal information through illegal or fraudulent means.
  3. When the company unlawfully provides personal information to a third party.
  4. When the company uses the held personal data in a manner that may encourage or induce illegal or unfair acts.
  5. When there is no longer a need to use the held personal data.
  6. When a leak, loss, or damage to the held personal data occurs.
  7. When there is a risk of infringement or damage to the individual’s rights or legitimate interests.

Maintaining and improving the protection of personal information

To handle personal information appropriately, the company conducts regular education on personal information protection and periodic audits of handling practices for all employees. It ensures the implementation of this Privacy Policy (Personal Information Protection Policy) and strives for timely and appropriate continuous improvement of the personal information protection management system, considering legal requirements and changing environmental conditions.
The company establishes and continuously improves regulations and systems for reasonable security measures to prevent risks such as leakage, loss, or damage to personal information. In the event of an incident, prompt corrective measures will be taken.

Contact for disclosure request

The company has appointed an information management officer responsible for the management of personal information. For inquiries related to the content of this Privacy Policy, the handling of personal information, complaints, consultations, and various procedures, please contact the following inquiry desk.

Contact for requests including disclosure
7-8-16 8F, Hirai, Edogawa-ku, Tokyo 132-0035 
Ce-Cet Associates Company Limited
Hiroyuki Ishii, Representative Director 
h.ishii@ce-cet-assoc.co.jp