3. Disclosure and Entrustment of Personal Information to a Third Party
(1)
User Information (including nickname, gender and time zone)
-
Recipients: contractor for development and maintenance of the Application
-
Purposes: identity verification, maintaining, and servicing the application, analysis of usage patterns for application maintenance, quality improvement and development, sending notices and communications to users, prevention of, investigation of and response to fraud, nuisance, misuse, unauthorized use and nonpayment, investigations of Application problems
(2)
IP address and online identifier
-
Recipients: Google Inc.
-
Purposes: identity verification, provide features and functionality of Application, monitor aggregate metrics, analysis of usage patterns for application quality, maintenance, improvement and development, send notices and communications to users, prevention of, investigation of and response to fraud, nuisance, misuse, unauthorized use and nonpayment
-
We may entrust all or part of the service to handle the Personal Information obtained from the user to an entrusted company within the scope of this Privacy Policy. In such cases, we shall select a company that is deemed to handle such information appropriately, and shall stipulate in the contract with such company its obligations regarding safety control measures, confidentiality, conditions for subcontracting, return and deletion of Personal Information at the end of the contract, and other matters related to the handling of Personal Information, and shall conduct necessary and appropriate supervision of the entrusted company.
4. Safety Control Measures
We shall take necessary and appropriate measures to control access to Personal Information, restrict the means of transporting Personal Information, prevent unauthorized access from outside, prevent leakage, loss, or destruction of Personal Information, and other measures for the safety control of Personal Information (hereinafter referred to as "Safety Control Measures").
In taking Safety Control Measures, we shall appropriately implement the following technical and organizational safeguards in accordance with our basic policy on information security, using relevant laws, regulations, guidelines, and the framework of the Information Security Management System (ISMS).
(1)
Technical Safety Control Measures
-
We shall take reasonable measures to control access to Personal Information by limiting access privileges (such as immediately disabling the accounts of employees who have transferred to different departments or left the company), monitoring access status (such as long-term storage of access logs,), regularly changing passwords, controlling access to rooms, and monitoring with surveillance cameras.
-
We shall restrict the means of transferring or transmitting Personal Information (such as physical prohibition of recording on external storage media, authentication of e-mails with Personal Information attachments sent outside our company,).
-
We shall prevent unauthorized access from outside (such as installation of firewalls).
(2)
Organizational and Personnel Safety Control Measures
(i)
Supervision of employees (including temporary employees)
-
In addition to appointing an "Information Security Manager" as the person in charge of Personal Information management, we shall clearly define the responsibilities and authority of employees concerning the safety control of Personal Information and establish a system for reporting to the manager in the event that any fact or sign of violation of laws, regulations, or internal rules is detected.
-
We shall establish internal rules and manuals for safety control, ensure that employees comply with these rules and manuals, and conduct appropriate audits of compliance with these rules and manuals.
-
We shall provide training for our employees on the safety control of Personal Information.
-
Employees shall be obliged to maintain the confidentiality of Personal Information not only during their employment but also after they have left the company.
(ii)
Entrusted company and recipient of disclosure
We shall establish standards and rules regarding the provision of Personal Information to the company to which we entrust the supervision of third parties and third parties who have previously established public reputation and we shall ensure that the contractors and the third parties comply with these standards and rules, and we also conduct appropriate supervision and audits of the status of compliance.
5. Information of Minors
-
We do not collect, sell or share the Personal Information of anyone under 16 years of age.
6. Contact for Inquiries Regarding Requests for Disclosure of Personal Information, Complaints, Consultations.
(1)
Requests for disclosure of Personal Information
(i)
When a user or their authorized agent requests disclosure of Personal Information concerning the relevant individual, we shall respond without delay. However, in the following cases, we may disclose the Personal Information without a request from the user or their authorized agent, or may not disclose the Personal Information even if a request for disclosure is made:
-
When we determine that there is a risk of harm to the life, body, property, or other rights or interests of the user or a third party.
-
When we determine that there is a risk of significant hindrance to the proper implementation of our services or business.
-
When we determine that there is a risk of violation of laws and regulations.
(ii)
If you wish to request disclosure of your Personal Information, please contact us at the e-mail address stipulated in Section (5) “Inquiries about Personal Information”. We will send you the necessary documents to request disclosure.
(2)
Correction
When we receive a request from a user or their authorized agent to correct their Personal Information, we will investigate without delay. If, as a result, we determine that the Personal Information is untrue, that the retention period has passed, or that it has not been properly handled, we shall make corrections without delay and notify the user to that effect.
(3)
Notice of Purpose
(i)
When a user or their authorized agent requests the notice of the Purpose for use of Personal Information concerning that user, we shall notify the user without delay in the manner prescribed by us, except in the following cases:
-
When we determine that the Use of Personal Information of that individual is clear,
-
When we determine that there is a risk of harm to the life, body, property, or other rights or interests of the user or a third party,
-
When we determine that there is a risk of harm to our rights or legitimate interests, or
-
When it is necessary for a governmental agency to cooperate in performing administrative duties as prescribed by laws and regulations, and the notice is likely to impede the performance of such administrative duties.
(ii)
If you wish to request the notice of Use of your Personal Information, please contact us at the e-mail address stipulated in Section (5) “Inquiries about Personal Information”. We will send you the necessary documents to request that notice.
(4)
Complaints and consultation regarding the handling of Personal Information
We will appropriately and promptly handle complaints and other consultations regarding the use, disclosure, or correction of Personal Information and other complaints and consultations regarding the handling of Personal Information.
(5)
Contact
For any of the above (1) through (4), please contact the following consultation office.
“Inquiries about Personal Information”
pairwork-support@mail.mediba.jp
7. Changes and Updates
We will update this Privacy Policy to reflect changes or updates in use or collection of Personal Information.
Effective on April 1, 2025
Toshikazu Saito, President & CEO
Personal Information and Personal Information Protection Manager
2-13-30, Kamiosaki, Shinagawa-ku, Tokyo, Japan
media Inc.
Privacy Statement of the State of California:
The California Consumer Privacy Act (CCPA) requires mediba to provide additional information to California residents. This information is described below. This provision supplements mediba's Privacy Policy. This section applies only to California residents.
1.
Sensitive Personal Information
We do not collect, use or disclose Sensitive Personal Information from users. The term “Sensitive Personal Information” as used here refers to information as defined in the California Privacy Rights Act (such as social security number, driver’s license).
2.
Personal Information Collected
The following list describes the corresponding statutory categories of Personal Information specified by the CCPA, the sources of that Personal Information, the business/commercial purposes for collecting that Personal Information, and the categories of third parties to whom we disclose your Personal Information.
(1)
User Information (including nickname, gender and time zone)
-
CCPA category: identifiers, characteristics of protected classes
-
Sources: application users
-
Purposes: business purposes (including identity verification, maintaining, and servicing the application, analysis of usage patterns for application maintenance, quality improvement and development, sending notices and communications to users, prevention of, investigation of and response to fraud, nuisance, misuse, unauthorized use and nonpayment, investigations of Application problems)
-
Categories of third parties to whom we may disclose: contractors for development and maintenance of the Application
(2)
IP address and online identifier
-
CCPA category: online identifiers; internet or network information
-
Sources: automatic collection
-
Purposes: identity verification, provide features and functionality of Application, monitor aggregate metrics, analysis of usage patterns for application quality, maintenance, improvement and development, send notices and communications to users, prevention of, investigation of and response to fraud, nuisance, misuse, unauthorized use and nonpayment
-
Categories of third parties to whom we disclose: service providers (such as Google Inc.)
3.
California Consumer Rights to Personal Information
California consumers have certain rights regarding the handling of their Personal Information. These rights include the following:
(1)
Right to Know or Request Categories of Personal Information
You have the right to request that we disclose any Personal Information we have collected about you. You also have the right to request information about our collection, use, disclosure, share or sale of such Personal Information, including a list of the categories of Personal information collected about you and other relevant information, such as the categories of source of the information, categories of information shared or sold to third parties, and the purpose of such sharing.
(2)
Right to Request Correction
You have the right to request correction of inaccurate Personal Information.
(3)
Right to Request Deletion
You also have the right to request deletion of your Personal Information under certain circumstances, subject to exceptions provided in CCPA. Parents may submit requests to delete personal information about a minor, subject to exceptions provided in CCPA.
(4)
Right to Designate Authorized Agents
You may designate an authorized agent to exercise some of your rights. However, to protect the security of your Personal information, the authorized agent must comply with the same authentication procedures required when you exercise your rights without an agent.
(5)
Right Not to Receive Discriminatory Treatment
You have the right not to receive discriminatory treatment for the exercise of rights conferred by the CCPA.
(6)
Right to Receive Notice
You have the right to receive notice of our handling of your Personal Information by the time we collect it.
(7)
Additional Information on Exercise of Rights
You may exercise your rights as described in this Privacy Policy by following the procedures set out in Article 8 of the Basic Policy.
We may limit the number of requests we receive from you or charge a reasonable fee, to the extent permitted by law.
(8)
Contact for Privacy Inquiries
If you have any questions, concerns, or requests regarding privacy, you may make them in the manner set forth in Article 8, Section 5 of the Basic Policy.
Privacy Statement of the State of Colorado, Connecticut, Utah, and Virginia:
If you are a resident of Colorado, Connecticut, Utah, or Virginia, mediba has certain obligations, and you have certain rights with respect to your personal information, including:
(1)
Right to confirm whether mediba is processing the consumer’s personal information and the right to access such information
(2)
Right to correct inaccuracies in personal information
(3)
Right to delete personal information
(4)
Right of data portability
(5)
Right to opt out from targeted advertising
(6)
Right to opt out from the sale of personal information
In certain states, you also have the right to opt out from profiling in furtherance of decisions that produce legal or similarly significant effects on the consumer (such as Virginia, Colorado, and Connecticut) and appeal a decision regarding a request to exercise your rights.
You may exercise one or more of these rights as described in this Privacy Policy by following the procedures set out in Article 8 of the Basic Policy.