Privacy Policy

Important Note regarding the English Translation

 This document is an English translation of the original Japanese Privacy Policy provided for reference and convenience purposes only. This translation does not have any legal force or effect. In the event of any discrepancy, contradiction, or inconsistency between this English translation and the original Japanese text, the Japanese text shall prevail in all respects. The Company assumes no responsibility for any direct, indirect, or other forms of damages arising from any misunderstanding or misinterpretation of this translation.

Bitkey Inc. (hereinafter referred to as the "Company") acquires, uses, and stores Personal Information, etc., of customers who use the products or services provided by the Company (hereinafter referred to as the "Company Service") and customers who participate in exhibitions, study groups, etc., organized or involved by the Company.

The Company places the highest priority on security to ensure that customers can use the Company Service with peace of mind, takes all possible measures, and handles customers' Personal Information, etc., appropriately based on this Privacy Policy. This Privacy Policy explains to customers the items, purposes of use, methods, etc., regarding customers' Personal Information, etc., handled by the Company for the provision of the Company Service.

Article 1 (Customer Personal Information, etc.)

The Company acquires and generates the following Personal Information, etc., of customers.

1.  Information acquired directly from customers

    1.  Information regarding accounts opened to use the Company Service

         Basic information such as name, email address, and telephone number.

         Biometric information such as facial photographs and facial recognition data (hereinafter referred to as "Biometric Informatio Googke LLC").

    2.  Information regarding customer transactions and communications

         Attribute information such as address, date of birth, gender, family structure, workplace information, and residence information.

         Information regarding payments.

         Information entered or transmitted by customers through input forms or other methods determined by the Company.

         Contact information, details of events, information necessary for resolving problems, and call records provided to Customer Support.

2.  Information automatically acquired when customers use the Company Service

     Information regarding internet connection such as IP address.

     Information regarding server access logs.

     Location information.

     Information regarding machine identification of information communication terminals such as terminal IDs.

     Information regarding the browser, OS, and other information communication terminals used.

     Information regarding Cookies and similar technologies.

     Usage status of the Company Service such as behavioral history, browsing history, and purchase history.

3.  Information acquired through provision from third parties

     Information agreed to by the customer when the customer permits linkage with the Company Service to an external service.

     Regarding customers using the Company's service "Doamae Delivery" (Door-front Delivery), information included in emails received by the customer (limited to emails from shippers or delivery carriers received via the Gmail function incidental to a Google account), including email sender information, package tracking numbers, scheduled arrival dates, and package sender information, which is acquired upon obtaining the customer's prior consent for the provision of the Company's service "Doamae Delivery".

4.  Information generated by the Company when customers use the Company Service

     Identifier information linked to the customer's Personal Information, etc.

 Article 2 (Purpose of Use of Personal Information, etc.)

1.  The Company uses customers' Personal Information, etc., for the following purposes:

    (1) For the provision of the Company Service (including account opening, user authentication, and maintenance).

    (2) To associate customers' Personal Information, etc., with information acquired from third parties for the purpose of understanding customer needs and providing a better experience.

    (3) For maintenance of security and prevention of unauthorized use.

    (4) For new function development, function modification, and trend analysis of the Company Service.

    (5) For proposal, guidance, advertisement, sales promotion activities, and public relations activities of the Company Service.

    (6) To analyze information held by the Company such as customer usage history, browsing history, purchase history, etc., and information acquired from third parties such as partner companies, to utilize for marketing research, or to deliver advertisements according to customers' interests and preferences.

    (7) For provision of customer support and troubleshooting response to customers.

    (8) For implementation of questionnaires, monitors, interviews, etc., for customers.

    (9) For billing charges to customers using paid Company Services and exercising other rights of the Company.

    (10) For judgment of transactions with the Company (credit judgment, etc.) and management after transactions.

    (11) To provide information agreed to by the customer when the customer permitted linkage to external services for which the customer permitted linkage with the Company Service.

    (12) To provide Personal Information, etc., agreed to by the customer to a third party designated by the customer based on the customer's request.

    (13) To perform participation registration and information management of customers regarding exhibitions, study groups, etc., organized or involved by the Company.

    (14) To perform guidance, confirmation, contact, and inquiries to customers regarding exhibitions, study groups, etc., organized or involved by the Company.

    (15) For the Company to create statistical materials.

    (16) To respond to requests for materials, etc., to the Company.

    (17) To manage entry and exit to customers' buildings and facilities.

2.  The Company handles the use of customers' Biometric Information as follows:

    (1) The Company holds customers' Biometric Information for the purpose of performing facial recognition, tuning facial recognition data to improve the accuracy of facial recognition, and investigating defects related to facial recognition.

    (2) The Company holds customers' Biometric Information during the period of providing services to customers for the purposes defined in Item 1 of this Paragraph.

    (3) The Company may provide customers' Biometric Information to "CyberLink Corp." based on entrustment, upon obtaining the customer's consent, to investigate defects related to facial recognition defined in Item 1 of this Paragraph.

    (4) "CyberLink Corp." may hold information regarding Biometric Information during the investigation period to investigate defects related to facial recognition defined in Item 1 of this Paragraph.

    (5) When holding customers' Biometric Information, the Company and "CyberLink Corp." shall encrypt said Biometric Information and manage it upon taking appropriate security control measures.

    (6) The Company and "CyberLink Corp." shall respond to the deletion of customers' Biometric Information in response to requests from customers.

3.  Regarding customer information acquired using the Gmail API provided by Googke LLC as the acquisition source, the Company will use it only for the provision of the Company Service "Doamae Delivery" regarding the receipt of packages, provision of technical support to customers regarding said service, and response to inquiries from customers.

 Article 3 (Provision of Personal Information, etc. to Third Parties)

1.  The Company will not provide Personal Information, etc., to third parties without the customer's consent. However, in the following cases, Personal Information, etc., may be provided without the consent of the person concerned:

     When it is necessary for the protection of a person's life, body, or property, and it is difficult to obtain the consent of the person concerned.

     When it is particularly necessary for improving public health or promoting the sound growth of children, and it is difficult to obtain the consent of the person concerned.

     When it is necessary to cooperate with a national government organ, local government, or a person entrusted by them in executing affairs prescribed by laws and regulations, and obtaining the consent of the person concerned constitutes a risk of hindering the execution of said affairs.

2.  Notwithstanding the provisions of the preceding paragraph, the Company may provide all or part of Personal Information, etc., to a subcontractor when outsourcing part of operations (delivery, etc.) to a third party to the extent necessary to achieve the purposes in Article 2 (Purpose of Use of Personal Information, etc.). In this case, the Company takes appropriate security control measures for the subcontractor.

 Article 4 (Security Control Measures)

The Company takes appropriate security control measures as follows for the safety management of Personal Information, etc.

1.  Formulation of Basic Policy

    To ensure the proper handling of Personal Information, etc., the Company has formulated an Information Security Policy in addition to this Privacy Policy.

2.  Establishment of Discipline regarding Handling of Personal Information, etc.

    Regarding the proper handling of Personal Information, etc., the Company has formulated handling regulations defining the handling methods, responsible persons, etc.

3.  Organizational Security Control Measures

     A person responsible for information security including Personal Information, etc., is appointed.

     Investigations and hearings regarding the handling of Personal Information, etc., are conducted, and improvement measures are taken as necessary.

     A reporting window in case of leakage, etc., of Personal Information, etc., is established.

4.  Human Security Control Measures

     Training regarding information security including Personal Information, etc., is regularly conducted.

     Written pledges regarding the handling of Personal Information, etc., are exchanged with employees.

5.  Physical Security Control Measures

     Entry/exit restrictions and management are implemented in office floors where Personal Information, etc., is handled.

     Information terminals are made unviewable by activating password-protected screen savers or locking computers, etc., when leaving the seat.

     Measures to prevent information leakage are implemented by managing information terminals using an asset management system and encrypting storage devices of information terminals, etc.

6.  Technical Security Control Measures

     IDs necessary to access Personal Information, etc., are issued for each employee, and appropriate access authority to Personal Information, etc., is granted.

     Identification of employees who accessed Personal Information, etc., and monitoring as necessary are performed using access logs, etc., recorded in association with said IDs.

     Measures to prevent unauthorized access from outside, such as building firewalls and installing anti-virus software on information terminals, are implemented.

7.  Understanding of External Environment

     The Company may store customers' Personal Information, etc., using services of cloud service providers located in foreign countries.

     In this case, the Company implements security control measures upon understanding the systems regarding the protection of personal information in said foreign countries.

     In response to a request from a customer, the Company will provide information regarding the understanding of said external environment. Customers who wish to do so should contact the contact point described in Article 8 (Inquiries).

Article 5 (Personal Related Information)

1.  The Company may acquire Personal Related Information (for example, browsing history, location information, Cookies, etc., which cannot identify a specific individual at the Company) for the purpose of acquiring behavioral history of customers to improve customer convenience, acquire statistical data, etc., and provide it to third parties such as advertising platforms.

2.  When providing to third parties such as advertising platforms, if it is assumed that said third party will acquire it as personal data by matching it with information held by said third party, the Company will provide it upon fulfilling obligations under the Act on the Protection of Personal Information.

Article 6 (Procedures for Disclosure, Correction, Suspension of Use, etc. of Personal Information, etc.)

1.  Customers may request the disclosure of customers' Personal Information, etc. (including records of provision to third parties; the same applies hereinafter). However, the following cases are excluded:

    (1) When there is a risk of harming the life, body, property, or other interests of the customer themself or a third party such as another customer by disclosing.

    (2) When there is a risk of significantly hindering the proper implementation of the Company's business by disclosing.

    (3) When disclosure violates laws and regulations.

    (4) When it cannot be confirmed that the request for disclosure is from the customer themself.

2.  The fee for the disclosure of Personal Information, etc., is 1,000 yen.

3.  In addition to disclosure, customers may request correction, suspension of use, deletion, suspension of provision to third parties, etc. If it is found that there is a reason for the request, the Company will implement correction, suspension of use, deletion, suspension of provision to third parties, etc., without delay to the extent necessary to prevent infringement of the customer's rights and interests.

4.  When requesting disclosure, correction, suspension of use, deletion, suspension of provision to third parties, etc., of Personal Information, etc., please contact the contact point described in Article 7 (Inquiries).

 Article 7 (Use of Cookies, etc.)

1.  Cookies refer to text files that identify the computer terminal, etc., used by a user who visited a website. Cookies are saved in the storage device of the computer, etc., through the browser used by the user. Cookies are a technology generally used in many websites currently to refer to browsing history information, etc., without specifying the user themself, and to utilize such information for the operation and improvement of websites, optimization of contents (including text, sound, images, video, or software), etc. The Company may use Cookies and similar web tracking technologies (web beacons, pixels, etc.) for purposes such as:

     To remember the login status and use it for visitor authentication, session maintenance, and security measures.

     To remember the last visit date and time, etc., to improve convenience.

     To provide better services by understanding the number of visits and usage forms, etc.

     To deliver advertisements of higher interest.

     To measure the effectiveness of advertisements.

The customer can control whether to accept Cookies using browser settings and other tools. However, if the customer disables Cookies or restricts the function to set Cookies, access to all or part of the functions of the website may become impossible, and as a result, the customer's overall convenience may be restricted.

2.  To improve the Company Service, the Company uses Google Analytics of Googke LLC to measure the Company Service such as websites. Googke LLC may set Cookies or read existing Cookies for data acquisition. Also, the Company may collect information using Google Forms. The management of information collected through Google Forms is conducted by Google LLC. At that time, information such as the URL of the page accessed by the customer and IP address is automatically transmitted to Googke LLC. The Company may use such information for understanding usage status and for the Company Service, etc. Note that such information is managed based on Googke LLC's Privacy Policy, regarding the handling of data by Googke LLC in Google Analytics, or if the customer wishes to stop information collection using Google Analytics, please check the following:

     Google Analytics Terms of Service

     Googke LLC Privacy Policy

     Opt-out

3.  Regarding the information transmission instruction communications defined in Article 27-12 of the Telecommunications Business Act, including the above Google Analytics, the matters to be notified in advance by the Company when customers use the Company's website or the Company Service are as follows:

Article 8 (Inquiries)

The Company's contact point for inquiries, complaints, consultations, disclosures, etc., regarding this Privacy Policy and the handling of Personal Information, etc., is as follows:

Bitkey Inc. Customer Support (support@bitkey.jp)

 Article 9 (Revision of this Privacy Policy)

1.  The Company will arbitrarily change this Privacy Policy to the extent not violating laws and regulations so that customers can use the Company Service with peace of mind.

2.  If there is a revision, the content of the revised Privacy Policy and the revision timing will be made known by display on the Company's website or other appropriate methods, or notified to customers.

 Established on May 2, 2019

 Revised on June 11, 2020

 Revised on April 1, 2022

 Revised on June 16, 2023

 Revised on January 22, 2024

 Revised on March 1, 2024

 Revised on September 25, 2024