JP / EN

Privacy policy

HEARTBEATS Inc. (“HEARTBEATS”) (Address: Kasuga-cho Building 7F, 1-33-13 Hongo, Bunkyo-ku, Tokyo; Representative: Yuta Umesawa; hereinafter referred to as “the Company”) recognizes the importance of protecting personal information and, in compliance with the Act on the Protection of Personal Information (hereinafter the “APPI”), handles personal information appropriately in accordance with the following privacy policy (hereinafter this “Privacy Policy”).
In addition, the Company may establish a separate privacy policy for each of the services provided by the Company (hereinafter the “Company’s Services”). In such cases, the handling of personal information in the relevant Company’s Services shall be governed by the respective privacy policies established for such Company’s Services.

1. Collection of Personal Information

The Company shall collect the following types of personal information:

(1) Information collected via the Company’s Services and Website

①Information provided directly during the course of the Company’s Services:

  • Name, date of birth, gender, occupation, and other profile-related information;
  • Email address, phone number, physical address, and other contact information;
  • Credit card details, bank account information, electronic money details, and other payment method information;
  • Still images containing the portrait/likeness of the individual who is the subject of the personal information (hereinafter, the “Individual”) transmitted to the Company’s Services;
  • The Individual’s usage history of the Company’s Services;
  • The Individual’s behavioral history input or transmitted to the Company’s Services via Services’ features; and
  • Other information manually input or sent to the Company’s Services by the Individual.

② Information Provided via External Services:

Information provided by other external services when the Individual logs in using external service IDs/accounts or allows such accounts to be linked to the Company’s Services:

  • IDs used by the Individual in these external services; and
  • Other information the Individual authorizes for disclosure to linked partners in accordance with the privacy settings of said external services.

③ Information Collected Automatically:

  • Device information;
  • Referrer;
  • IP address;
  • Information related to server access logs;
  • Cookies, ADIDs, IDFAs, and other identifiers;
  • Location information;
  • Device camera images;
  • Camera and image data.
(2) Personal Information of Job Applicants

Name, gender, address, date of birth, phone number, face photograph, academic background, work history, email address, and other information stated in resumes and curriculum vitae.

(3) Personal Information of Officers, Employees and their Families, and Former Employees

Name, gender, date of birth, contact information (address, phone number, email address, etc.), face photograph, background, employee number or other uniquely assigned identification numbers, affiliation, job title, grade, work history, transfer history, information regarding job authority, family information, and other related attributes (excluding Specific Personal Information*).

Personnel evaluations, awards, disciplinary actions, salary, bonuses, retirement allowance, corporate pension, social insurance, attendance records, information regarding ceremonial occasions (congratulations and condolences), and other information related to Personnel management and employee benefits.

Education and training history, professional qualifications, results of various assessments, and other information regarding the employee’s skills and abilities.

Any other information acquired or maintained for the purposes of personnel and business management.

2. Purpose of Use

The Company uses personal information for the following purposes:

(1) Related to the Company’s Services
  • Provision, maintenance, protection, and improvement of the Company’s Services;
  • Billing and calculation of fees for the Company’s Services;
  • Personal authentication, delivery and display of advertisements and content based on personal authentication attribute information, device information, usage history, behavioral history, location information and other information, and provision of campaigns during the course of the Company’s Services;
  • Advertisements and other marketing activities within the Company’s Services;
  • Provision of personal information to partners necessary for providing content of the Company’s Services, based on the Individual’s consent or application;
  • Sending via email information regarding the Company’s Services and other services and products to the Individual’s email address;
  • Conducting campaigns, surveys, monitors, and interviews,;
  • Contacting and notifying the Individual;
  • Prevention of and responding to fraudulent acts, potentially illegal behavior, or violations of the Company’s Terms of Use and policies;
  • Creation and analysis of statistical data processed in a form that cannot identify individuals;
  • Mailing or delivering goods or prizes based on the Individual’s consent or request.
(2) Related to the Company’s Recruitment
  • Recruitment screening, acceptance and implementation of recruitment applications, notification of recruitment results, and other measures necessary for recruitment activities.
(3) Related to the Company’s employment management
  • Business communications, attendance management, rayroll, expense settlement, appropriate personnel allocation, evaluation, skill development, welfare programs, safety and health management, and other labor management, as well as the performance of obligations prescribed by labor, tax, and social welfare laws;
  • Performance of procedures stipulated in the Company’s internal regulations;
  • Communication with health insurance associations, corporate pension funds, and other welfare-related organizations;
  • Employment management of applicants who joins the Company.

3. Change of Purpose of Use

The Company may change the purposes of use of personal information to the extent reasonably recognized as relevant, and shall notify or publicly disclose such changes to the Individuals.

4. Limitations on the Use of Personal Information

Absent the consent of the Individual, the Company shall not handle personal information beyond the scope necessary to achieve the purposes of use; provided, however, that this shall not apply in the following cases:

  1. When necessary to protect the human life, body, or property, and it is difficult to obtain the Individual’s consent;
  2. When particularly necessary to improve public health or promote the healthy growth of children, and it is difficult to obtain the Individual’s consent;
  3. When necessary to cooperate with national authorities, local governments, or their delegates in the execution of affairs prescribed by laws and regulations, and obtaining consent from the Individual may hinder such execution; and
  4. When required by laws and/or regulations.

5. Proper Acquisition

The Company shall acquire Individual Information properly, and shall not acquire it through deception or other improper means. In addition, the Company shall not acquire sensitive personal information (“special case-required information”) without the prior consent of the Individual.

6. Security Management of Personal Information

The Company has implemented the following security management measures, and strives for the proper handling of personal data.

(1) Establishment of Basic Policies
In order to ensure the proper handling of personal data throughout the organization, the Company establishes a personal information protection policy, makes it thoroughly known to and observed by its officers, employees and others.

(2) Preparation of Rules Regarding Handling of Personal Data
The Company formulates internal regulations for handling personal data, setting forth handling methods, responsible persons and persons in charge, and their respective duties at various stages of handling personal information such as acquisition, use, storage, provision, deletion and disposal.

(3) Organizational Security Management Measures
The Company appoints a person responsible for handling personal data, clarifying the scope of handled personal data by which employees, and establishes a reporting system to facilitate the reporting of facts or signs of violations of laws or handling procedures to the responsible person. In addition, the Company regularly conducts self-inspections and audits through its internal audit organization on the handling of personal data.

(4) Human Security Management Measures
The Company provides regular training to employees on matters that require attention in connection with to the handling of personal data, and prescribes confidentiality obligations regarding personal data in its employment rules.

(5) Physical Security Management Measures
The Company controls the entry and exit of employees in areas where personal information is handled, and takes measures to prevent unauthorized persons from viewing personal information. In addition, the Company takes measures to prevent theft or loss of the devices, electronic media, documents etc. that contain personal information, as well as measures to prevent personal information from being easily identified when these devices, electronic media etc. are carried around even on or within the Company’s premises.

(6) Technical Security Management Measures
The Company implements access restrictions to limit the persons who can handle personal information databases and the scope of personal information databases to be handled. In addition, the Company implements measures to protect the information systems used to handle personal data from unauthorized access by external parties.

(7) Understanding of External Environments
When handling personal data on servers located outside of Japan, the Company constantly obtains the latest information on the personal information protection regulations of such countries and take security management measures in accordance with such regulations.

7. Provision to Third Parties

(1) The Company may share or provide personal information to third parties in the following instances:

  1. After obtaining the consent of the Individual;
  2. When delegating the handling of personal information, in whole or in part, to third parties, to the extent necessary to achieve the purposes of use;
  3. In connection with a merger or business succession;
  4. When required to cooperate with national or local authorities, or their delegates during the course of their execution of affairs prescribed by laws and/or regulations, while obtaining the consent of the Individual may hinder such execution of affairs; and
  5. When permitted under the APPI or other laws and regulations

(2) Notwithstanding the provisions of (1), except in instances falling under any of the paragraphs of Section 4, when the Company provides personal information to a third party located in a foreign country (excluding countries specified by rules of the Personal Information Protection Commission pursuant to Article 28 of the APPI), or to a third party that has not established a system that conforms with the standards designated by rules of the Personal Information Protection Commission pursuant to Article 28 of the APPI, the Company shall obtain the Individual’s prior consent permitting the provision of information to a third party in a foreign country.

(3) When providing personal information to a third party, the Company shall create and retain records in accordance with Article 29 of the APPI.

(4) When receiving personal information from a third party, the Company shall perform the necessary confirmation and create and retain records of such confirmation in accordance with Article 30 of the APPI.

8. Joint Use

The Company will jointly use personal information as follows:

(1) Items of personal information to be used jointly
Information specified in Section 1

(2) Scope of joint users
In addition to the Company, partner companies involved in the provision of the Company’s Services

(3) Purpose of use by users
Same as the purposes of use specified in Section 2

(4) Name of the entity responsible for managing the above personal information
HEARTBEATS Inc.

9. Disclosure of Retained Personal Data

Upon a request from an Individual for the disclosure of retained personal data or records of third parties provision under the relevant provisions of the APPI, the Company shall, after verifying that the request is indeed from the Individual, promptly disclose the requested information to the Individual (if there is no such held personal data or records of provision to third parties, the Company shall notify the Individual thereof.); provided, however, that the foregoing provision does not apply if the Company is not obligated to disclose under the APPI or other laws and regulations.

10. Correction of Retained Personal Data

If the Company receives a request from an Individual for the correction, addition, or deletion (hereinafter, “Correction, etc.”) of the contents of retained personal data pursuant to the provisions of the APPI on the grounds that the personal data is inaccurate, after confirming that the request is indeed from the Individual, the Company shall promptly conduct the necessary investigation, to the extent necessary to achieve the purposes of use, and then make Correction, etc. based on the results of such investigations, and notify the Individual accordingly (the Company shall notify the Individual if a decision is made not to make Correction, etc.); provided, however, that the foregoing provision does not apply if the Company is not obligated to make Correction, etc. under the APPI or other laws and regulations.

11. Suspension of Use of Retained Personal Data

If the Company receives a request from an Individual for suspension of use or deletion (the “Suspension of Use, etc.”) of retained personal data, pursuant to the provisions of the APPI, on the grounds that the Individual’s personal data is being handled beyond the scope of the pre-announced purposes of use or has been acquired through fraudulent or other improper means, or receives a request for the suspension of provision to a third party (the “Suspension of Provision”), pursuant to the provisions of the APPI, on the grounds that the personal data has been provided to a third party without the Individual’s consent, and when such request is found to be of merit, the Company shall, after confirming that the request is indeed from the Individual, promptly perform the Suspension of Use or the Suspension of Provision (as the case maybe) or the retained personal data and notify the Individual accordingly; provided, however, that the foregoing provision does not apply if the Company is not obligated to suspend the use or third-party provision under the APPI or other laws and regulations.

12. Public Information Related to Provision of Anonymized Information

When the Company produces anonymized information (information that personal information is processed in such a way that specific individuals cannot be identified and the anonymized information cannot be restored) in accordance with the immediately following paragraph, the Company shall take security management measures to ensure that proper anonymized processing is carried out and that information that could lead to recovery is not divulged.

The anonymized information created and provided by the Company may include the following items:

  • 1. Age (year and month of birth)
  • 2. Gender
  • 3. Residential area (to the city or district level)
  • 4. Behavioral history
  • 5. Purchase history

When providing the anonymized information to third parties, the Company shall indicate to the recipients that the information being provided is anonymized, and shall provide it through electronic communication means (such as by sending data files or uploading to servers) after ensuring an appropriate level of security.

13. Use of Cookies and Other Technologies

The Company’s Services may use cookies and similar technologies. These technologies help the Company understand usage of the Services and improve the Services. Individuals who wish to disable cookies can do so by changing their web browser settings. However, please note, that some of the Company’s Services may not function properly if cookies are disabled.

14. Contact Information

Send any requests for disclosure, opinions, questions, complaints, or other inquiries regarding the handling of personal information to the following address by mail:

HEARTBEATS Inc.
7th Floor, Kasuga-cho Building, 1-33-13 Hongo, Bunkyo-ku, Tokyo, Japan, Postal Code 113-0033

We accept inquiries via contact forms or emails. We do not accept requests and similar communications made in person at our office.

15. Procedures for Changing the Privacy Policy

  1. The Company reserves the right to change this Privacy Policy at any time, and at its sole discretion, without prior notice to Individuals.
  2. When changes to this Privacy Policy are made, the Company shall publicize such changes on its website or otherwise notify Individuals of the effective date and content of the changes by appropriate means.
  3. By using the Company’s Service after being notified of changes to this Privacy Policy or after being aware of the changes to this Privacy Policy, the Individual is deemed to have validly and irrevocably consented to the revised Privacy Policy.

End