Policy in the field of processing and ensuring the security of personal data
1. General Provisions
Акционерное общество «Вишю» (株式会社VISHU, 法人番号7010401124217, 132-0035,東京都江戸川区Joint-stock company “Vishu” (株式 会社Vishu , 法人 番号 7010401124217, 132-0035, 東京 都 江戸 川 区 平井 1 丁目 10-7, registration number of the legal entity: 7010401124217, registration address: 132-0035, Tokyo city, Edogava district, 1 10-7, Hirai district) (hereinafter referred to as the “Company”), as part of its core business, processes personal data of various categories of personal data subjects using personal data information systems, including, among other things, the following Company websites: www. vishu.co.jp, as well as other websites of the Company that link to this Policy.
In accordance with the current legislation of Japan, the Company is the controller of personal data. When organizing and processing personal data, the Company is guided by the requirements of the Law of Japan dated May 30, 2003 No. 57 “Law on the Protection of Personal Information”.
For the purposes of this Policy, personal data means any information provided through the Company’s websites and (or) collected using such websites, relating to a directly or indirectly identified or identifiable natural person (subject of personal data).
2. Collection of personal data
The Company collects information through websites and mobile applications in the following ways:
• Personal data provided by users: The Company collects personal data that is entered into the data fields on the Company’s websites by users themselves or other persons on their behalf.
• Collection of data about the location of the devices of users of the Company’s mobile application when users use the mobile application.
• Collection of user IP addresses and cookies.
• Passive collection of personal data about the current connection in terms of statistical information: :
— user ID assigned by the Site;
— visited pages;
— the number of page visits;
— information about moving through the pages of the site;
— duration of the user session;
— entry points (third-party sites from which the user follows the link to the Site);
— exit points (links on the Site, through which the user goes to third-party sites);
— country of the user;
— user’s region;
— the time zone set on the user’s device;
— user provider;
— user’s browser;
— digital fingerprint of the browser (canvas fingerprint);
— available browser fonts;
— installed browser plugins;
— browser WebGL parameters;
— type of available media devices in the browser;
— the presence of ActiveX;
— list of supported languages on the user’s device;
— processor architecture of the user’s device;
— OS of the user;
— screen parameters (resolution, color depth, page placement parameters on the screen);
— information about the use of automation tools when accessing the Site.
For registered users of the Site, information about the use of ports on users’ devices may be collected in order to detect suspicious activity and protect user personal accounts. Data can be obtained through various methods, such as cookies and web beacons, etc.
The Company may use third-party Internet services (third-party technologies) to organize the collection of statistical personal data, third-party Internet services store the received data on their own servers. The Company is not responsible for the localization of servers of third-party Internet services. At the same time, such third-party Internet services (third-party technologies) installed on the Site and used by the Company may set and read browser cookies of end users of the Site, or use web beacons to collect information in the course of advertising activities on the Site. The procedure for collecting and using the data collected by such third-party Internet services (third-party technologies) is determined independently by these third-party Internet services and they are directly responsible for compliance with this procedure and the use of the data they collect, including these third-party Internet services are responsible and ensure compliance with the requirements of applicable law, including Japanese personal data law.
The Company does not compare the information provided by the user independently and allowing to identify the subject of personal data with statistical personal data obtained in the course of using such passive methods of collecting information.
3. Principles and conditions for the processing of personal data
Only personal data that meet the purposes of their processing are subject to processing. The content and volume of personal data processed by the Company correspond to the stated purposes of processing, redundancy of processed personal data is not allowed.
When processing personal data, the Company ensures the accuracy of personal data, their sufficiency and, if necessary, relevance in relation to the purposes of processing personal data. The Company takes the necessary measures (ensures their adoption) to delete or clarify incomplete or inaccurate personal data.
The Company, in the course of its activities, may provide and (or) entrust the processing of personal data to another person with the consent of the subject of personal data, unless otherwise provided by Japanese law on personal data. At the same time, a prerequisite for providing and (or) entrusting the processing of personal data to another person is the obligation of the parties to maintain confidentiality and ensure the security of personal data during their processing.
The terms for the processing of personal data are determined in accordance with the purposes for which they were collected.
4. Rights of the subject of personal data
The subject of personal data has the right (unless otherwise provided by law):
• demand clarification of their personal data, their blocking or destruction if personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take legal measures to protect their rights;
• require a list of their personal data processed by the Company and the source of their receipt;
•receive information about the terms of processing of their personal data, including the terms of their storage;
• demand notification of all persons who were previously informed of incorrect or incomplete personal data of all exceptions, corrections or additions made to them;
• appeal to the authorized body for the protection of the rights of subjects of personal data or in court against illegal actions or inactions in the processing of his personal data;
• to protect their rights and legitimate interests, including compensation for losses and (or) compensation for moral damage in court.
If you have questions about the nature of the application, use, modification or deletion of your personal data that you have provided, or if you want to opt out of further processing by the Company, please contact us by mail at the Company’s address or by e-mail: info @vishu.co.jp
Please note that the personal data operator is not responsible for false information provided by the subject of personal data.
5. Implementation of the requirements for the protection of personal data
In order to maintain business reputation and ensure compliance with the requirements of federal legislation, the Company considers it the most important tasks to ensure the legitimacy of the processing of personal data in the Company’s business processes and ensure an appropriate level of security of personal data processed by the Company.
The Company requires other persons who have gained access to personal data not to disclose to third parties and not to distribute personal data without the consent of the subject of personal data, unless otherwise provided by federal law.
In order to ensure the security of personal data during their processing, the Company takes the necessary and sufficient legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other misconduct against them.
The Company strives to ensure that all measures implemented by it for the organizational and technical protection of personal data are carried out legally, including in accordance with the requirements of Japanese law on the processing of personal data.
In order to ensure adequate protection of personal data, the Company assesses the harm that may be caused to personal data subjects in the event of a violation of the security of their personal data, and also determines current threats to the security of personal data during their processing in personal data information systems.
In accordance with the identified actual threats, the Company applies the necessary and sufficient legal, organizational and technical measures to ensure the security of personal data, including the use of information security tools, detection of unauthorized access to personal data and taking measures, recovery of personal data, restriction of access to personal data, registration and accounting of actions with personal data, as well as control and evaluation of the effectiveness of the measures taken to ensure the security of personal data.
The Company’s management is aware of the importance and necessity of ensuring the security of personal data and encourages continuous improvement of the system for protecting personal data processed as part of the Company’s core business.
The Company has appointed persons responsible for organizing the processing and ensuring the security of personal data.
Each new employee of the Company directly involved in the processing of personal data is familiar with the requirements of Japanese law on the processing and security of personal data, this Policy and other local acts of the Company on the processing and security of personal data and undertakes to comply with them.