Privacy Policy

BLUE Inc. ("we", "our" or "us") shall formulate a personal information protection policy to protect the rights and interests of individuals in light of the importance of personal information in providing UI SCAN ("UI SCAN"), and implement this policy in good faith with executives and employees.

In this policy, "Personal Information" shall mean information that can directly or indirectly identify the user using one or more identifiers of users such as name, ID number, location data, on-line identifier, etc.

In accordance with General Data Protection Rule 2016 in EU ("GDPR"), we are the controllers of Personal Information and responsible for our services and websites.

Note: "Controller" of Personal Information is defined in Item 7 of article 4 of GDPR as "person who decides the purpose and method of handling personal information."

1. Personal Information Protection Policies

  1. We shall acquire, use and provide appropriate Personal Information according to the nature and scale of our business.

  2. We shall identify the purpose of use of Personal Information and take a reliable method in which the use of Personal Information does not deviate from the purpose.

  3. We shall comply with the Act on the Protection of Personal Information, guidelines established by the government, and other relevant laws and regulations.

  4. We shall take security control measures to prevent leakage, loss, deletion, or damage of Personal Information. We shall prepare appropriate measures to deal with accidents and measures to prevent the spread of damage related to Personal Information.

  5. We shall have a person in charge of inquiries to respond promptly to requests for disclosure, inquiries, and complaints about Personal Information.

  6. We shall make appropriate improvements by reviewing safety management measures in a timely manner.

2. Consent to Privacy Policy

By using UI SCAN such as accessing UI SCAN or registering with UI SCAN, the user shall agree to this policy.

3. Information We Obtain in UI SCAN and the Manner in Which It Is Obtained

Personal information collected from users and method of collection is as follows:

(1) Information provided by users: 

  1. Information obtained directly through the registration of UI SCAN by the user, or change of the registered contents or inquiry or contact from the user; 

  2. Information on profile such as name, date of birth, sex, occupation, etc.: 

  3. Contact information such as e-mail address, telephone number and address; 

  4. Information on credit card information, bank account information and other means of settlement; and

  5. Content created or uploaded by the user, or received from other users when using this Services (including uploaded design files, screen shots, and comments.)

(2) Information We Collect

We may collect information on the status of access to UI SCAN and situation of using UI SCAN. This includes the following information:

  1. Information about the equipment used to access UI SCAN, hardware models, IP addresses of the equipment, MAC addresses and other unique identifiers, OS and versions thereof, selected languages, ad identifiers, serial numbers, device operational information and mobile network information; 

  2. The type of device apps and browsers used for viewing UI SCAN and the pages viewed (including the websites of third party services used by the user before using UI SCAN); 

  3. Information on the server access log of UI SCAN; 

  4. Information about service usage (e.g., operational configuration information, number of file uploads, device orientation in case of crash, etc.); and 

  5. Cookie

Personal Information is collected using cookies, server logs, and similar technologies. The contents collected and recorded in the access log are used as server operation information that helps to improve our website and service. Also such Personal Information is used for our sending information useful for using our services and information for sales promotion depending on the status of use of users, to the users via e-mail, etc.

Contents recorded in the access log will not be used in conjunction with other Personal Information if it is used as server management information, but will be linked to user's user information and e-mail address if it is sent to the user via e-mail, etc.

(3) Information Acquired Through Services Operated by a Third Party

In the event that a user permits us to obtain the user's information through a service operated by a third party, we may obtain the user's information. In such case, we may adapt any information that we obtain from the user uniquely and the information obtained from such third party in order to improve UI SCAN and to provide advertisements that are of interest to the user.

4.  Purposes for Use Personal Information

We will use user information obtained in connection with UI SCAN for the following purposes:

  1. The purpose of providing, maintaining, protecting and improving UI SCAN such as accepting registrations, identifying users, calculating fees for use, etc. relating to UI SCAN; 

  2. The purpose of notification of information concerning the contents of UI SCAN, update information, change information of terms, etc.; 

  3. The purpose of responding to notification and inquiries about UI SCAN; 

  4. The purpose of producing statistical data on the use of UI SCAN; This will enable us to understand how the users use our services and improve our products.

  5. The purpose of troubleshooting, error resolution and service improvement; It may be necessary for us to review the design to support help requests, to correct common errors in the Service and to improve the Service.

  6. The purpose of measuring user traffic and behavior; 

  7. The purpose of future planning, drafting or implementation of UI SCAN; 

  8. The purpose of our processing payments by the user for UI SCAN; 

  9. The purpose of handling any violation of our regulations, policies, etc. with respect to UI SCAN; 

  10. The purpose of distributing, displaying and measuring the effects of advertising; 

  11. The purpose of analyzing registered information and usage conditions in order to make content and advertisements provided by third parties, which the user watch using UI SCAN, more convenient for users.

  12. The purpose of grasping the distribution status of advertisements, measuring the effectiveness of advertisements and displaying action-targeting advertisements; 

  13. The purpose of providing a part of the information to the advertising distributor (the "Advertising Distributor") that we are affiliated with (information that is used in the advertising service of such distributor and that identifies a specific individual is not included in the information that is provided); 

  14. The purpose of distribution or display of our or any third party's advertising; 

  15. The purpose of other marketing; 

  16. The purpose of investigation and response, if necessary, to the user's claim or disputes regarding the use of UI SCAN, usage in the event that it is authorized by any other applicable law and disclosure in the event that it is required by any regulatory, governmental or other competent public authority; 

  17. The purposes of incidental to the purpose of use stated in each of the preceding items; and

  18. The purpose of achievement of the purpose of use prior to the succession of business in the event that we acquire Personal Information as a result of such succession from another business operator handling Personal Information due to merger or other reasons (limited to Personal Information acquired as a result of said business succession).

4.  Restriction on Use

(1) We shall not handle Personal Information beyond the scope necessary for the achievement of the purpose of use without obtaining the prior consent of the user or other person with Personal Information; provided, however, that this shall not apply to any of the following cases:

  1. Cases based on laws and regulations; 

  2. Cases when it is necessary to protect the life, body, or property of the person (not necessarily the Person (means the specific individual identified by Personal Information. the same shall apply hereinafter)) and it is difficult to obtain the consent of the Person; 

  3. Cases in which it is particularly necessary to improve public health or promote the sound upbringing of children and in which it is difficult to obtain the consent of the Person; and 

  4. Cases in which it is necessary to cooperate with a state organ or a local government or an entrusted person in executing the affairs prescribed by laws and regulations and in which obtaining the consent of the Person is likely to impede the execution of the affairs.

(2) We shall not use Personal Information in any manner that may encourage or induce illegal or wrongful acts.

6.  Appropriate Acquisition

We shall acquire Personal Information properly and shall not acquire it through deception or other wrongful means. We make a point not to collect Personal Information from minors without the consent of the Person who has parental authority.

7. Notice on Purpose of Personal Information Acquisition

(1) In obtaining Personal Information, we shall publicly announce the purpose of use or notify the Person of the purpose of use promptly after obtaining Personal Information; provided, however, that this shall not apply to the following cases:

  1. Cases in which notifying the Person of the purpose of use or publicly announcing it are likely to harm the life, body, property or other rights or interests of the Person or a third party

  2. Cases in which notifying the Person of the purpose of use or publicly announcing it are likely to harm our rights or legitimate interests; 

  3. Cases in which it is necessary to cooperate with a state organ or a local government in executing the affairs prescribed by laws and regulations and in which notifying the Person of the purpose of use or publicly announcing it is likely to impede the execution of the affairs; and

  4. Cases in which it is considered that the purpose of use is clear in consideration of the circumstances of the acquisition.

(2) Notwithstanding the preceding clause, in the event that we acquire Personal Information of the applicable user, etc. there from upon application for use of UI SCAN, we shall clearly indicate the purpose of use set forth in this policy to such user, etc. in advance; provided, however, that this provision shall not apply when there is an urgent necessity to protect a person's life, body or property.

8. Change in the Purpose of Use

In the event of any change in the purpose of use of Personal Information, such change shall not exceed the scope reasonably recognized as having a reasonable relationship with the purpose of use prior to the change, and we shall notify the Person of or publicly announce the changed purpose of use. This shall not apply to 1. (1) to (4) of the preceding clause.

9. Provision of Information to Third Parties

(1) We may provide information that does not fall under the category of Personal Information to a third party in the following cases:

  1. Cases where we provide to business alliance companies to provide the service in response to user needs such as payment processing, data analysis and user service; 

  2. Cases where we provide to a third party that provides the functions and services on behalf of us in order to provide the various functions and services through UI SCAN; and 

  3. Cases where we provide to advertising distributors with the purpose of delivering advertisements of interest to users.

(2) We may provide acquired Personal Information to a third party in the following cases: 

  1. Cases where the user agrees; 

  2. Cases where there are sufficient grounds for us to determine that we have to disclose Personal Information to protect our rights, property, services, etc. in violation of our terms and conditions by the user; 

  3. Cases where it is necessary to protect a person's life, body or property and it is difficult to obtain the consent of the Person; 

  4. Cases where it is necessary to cooperate with a state organ, or a local government or an entrusted person, in executing the affairs prescribed by laws and regulations and where obtaining the consent of the user is likely to impede the execution of the affairs; 

  5. Cases where we are requested by a judicial or other public agency; 

  6. Cases where the business of us, including the provision of Personal Information, is succeeded to by reason of a merger, company split, business transfer, or any other reason; and 

  7. Cases where permitted by the Personal Information Protection Act of Japan or other applicable laws and regulations.

In the event that it is necessary to provide the user's Personal Information pursuant to laws and regulations for the purpose of protecting the safety of user or third parties, criminal investigations or inquiries from the government or other third parties, we may provide the user's Personal Information to the extent necessary pursuant to laws and regulations. If we provide the user's Personal Information for such inquiries from such government or other third parties, we shall notify the user of such provision unless notice is prohibited by applicable law.

We obligate all third parties to handle Personal Information safely in accordance with laws and regulations. We also obligate third parties to whom we entrust the handling of Personal Information to handle Personal Information for the purpose of consignment only, in accordance with our instructions.

In the event that GDPR applies to the handling of the user's Personal Information and that the user's Personal Information is provided to a third party located in a country that has not been adopted adequacy decision by the European Commission, we shall take protective measures such as Standard Contractual Clauses approved by the European Commission. The user can check the details of the safeguards (including a copy of the Standard Contractual Clauses) by contacting us from the inquiry page on our website.

Personal data may need to be transferred to a country outside EU region. In the event of implementing such transfers, we ensure that the data to be transferred is protected at an appropriate level.

10. Retention Period and Safety Management, etc. of Personal Information

We shall store the user's Personal Information in a form that enables the user to identify such user for a period of time that is necessary for the purpose of handling such user's Personal Information. In the event that it is necessary for compliance with laws and regulations, dispute resolution or exercise of rights, or the event that it is technically difficult to immediately erase Personal Information, we may store the user's Personal Information to the extent necessary.

We take security control measures to prevent leakage, loss, deletion or damage of Personal Information. We shall prepare appropriate measures to deal with accidents and prevent the spread of damage related to personal information. We shall cooperate in the protection of Personal Information upon entering into agreements and other agreements to ensure that Personal Information is handled appropriately by companies and individuals with whom we do business.

We make appropriate improvements by reviewing safety management measures in a timely manner.

11. Deletion of User Information       

We may retain user information while the user is in a contractual relationship with us and thereafter, but we shall not store it unnecessarily. In the event the purpose of acquisition and processing of user information is achieved, such user information shall be deleted without delay.

The period during which we store user information depends on the type of user information and the purpose of processing.

Certificates for data deletion shall be issued for a fee in the event of the user's request.

12. Records Relating to the Processing of Our User Information

We shall process user information handling records related to the processing of user information in accordance with the duties stipulated in GDPR. We shall incorporate into these records all information required to comply with GDPR and to cooperate with the regulatory authorities under GDPR.     

13. Notification of Infringement of User Information to the Competent Supervisory Authority

We have established a system and measures for promptly detecting and evaluating infringements in the event of security breaches that may result in accidental or unlawful destruction, loss, modification, or unauthorized disclosure or access to user information, which is the object of process including but not limited to the transfer and storage of such information. Depending on the results of such evaluation, we shall notify the supervisor as necessary and inform the affected user.

14. Legal Basis for the Handling of Personal Information      

In the event that GDPR applies to the handling of Personal Information of a user by us, we shall handle the user's Personal Information only the case there are the following legal grounds for the handling of Personal Information: 

  1. Contract: The case where it is necessary to handle the user's Personal Information in order to performance the contract we have concluded with the user; 

  2. Legal Obligations: The case where we need to handle the user's Personal Information in order to comply with the legal obligations; 

  3. Legitimate interests: The case where handling the user's Personal Information is necessary for the legitimate interests sought by us or a third party and where the user's interests and fundamental rights do not supersede such legitimate interests of us; and

  4. Agreement: The case where the user agrees to handle Personal Information by us; provided, however, that the user may withdraw such consent at any time. In such case, such withdrawal of the consent by the user shall not affect the legality of the handling of Personal Information made by us pursuant to the user's consent prior to such withdrawal.

If the user has any questions about details of legitimate profit, please contact us from our inquiry page.

15. Users' Rights

The user has several legal rights with respect to the Personal Information which we hold with respect to the user. These rights may vary depending on the user's location and the data protection legislation applicable to the relationship between the user and us. Such rights typically include following items:

(1) Access rights to Personal Information; 

It means the rights to access to relevant information including: Personal information held by us; the purpose of handling the Personal Information; the recipient or scope of the Personal Information; the period during which the Personal Information is stored (if impossible, the standard used to determine the period); whether the user has the right to challenge the regulatory body or not; the right to access the information with respect to the source of the Personal information; and whether there is an automatic decision or not.

(2) Right to correct Personal Information; 

It means the right to require correction from us in the event that the user's Personal Information is inaccurate or incomplete.

(3) Right to erase Personal Information; 

It means the right to require us to erase the user's Personal Information in certain circumstances, including the following events: 

The event that we no longer need to store the user's Personal Information for the purpose for which we collected the user's Personal Information; 

The event that we are able to handle Personal Information only with the user's consent and the user withdraws his/her consent; and

The event that the user disputes the handling of Personal Information based on legitimate interests made by us and such legitimate interests do not prevail over the user's interests, rights and freedoms.

(4) Right to demand restrictions on the handling of Personal Information; 

It means the right to restrict the handling of Personal Information of the user in certain circumstances, including the following events: 

  1. The event that the user dispute the accuracy of the user's Personal Information (limited to the period necessary for us to confirm the accuracy of the user's Personal Information); 

  2. The event that it becomes unnecessary for us to deal with Personal Information for any purpose other than the filing, exercise or defense to, any legal claim; and 

  3. The event that the user objects to the handling of Personal Information based on legitimate interests that we conduct (limited to the period necessary for us to determine whether legitimate interests supersede the interests, rights and freedoms of the user.)

(5)  Right to object; 

It means the right to raise objections against us with regard to the handling of Personal Information of users.

(6) Data portability lights.

It means the right, in the event that we receive Personal Information provided by the user deals with Personal Information on legal grounds of consent or contract, to receive in a structured, commonly used, machine-readable form or to require us to transfer Personal Information directly to third parties to the extent technically feasible.

The user may file a complaint with a competent data-protection authority in the event that the user believes that we do not comply with this policy or any of the obligations under GDPR.

16. Disclosure of Personal Information

Upon receipt of a request for disclosure of Personal Information from a user, we shall confirm that the request is from the user and respond as follows in accordance with the provisions of the Personal Information Protection Act of Japan; provided, however, that this provision shall not apply in the event that we are not obliged to disclose Personal Information under the Personal Information Protection Act of Japan or other applicable laws and regulations. In the event that disclosure of Personal Information significantly interferes with the performance of our ordinary business operations, the event that such disclosure is likely to violate the provisions of laws and regulations, or the event that such disclosure may interfere with the safety management of Personal Information, we may not be able to respond as requested by the user.

Please note that a fee of One Thousand Japanese Yen (1,000 JPY) per case will be charged for the disclosure of Personal Information.

(1) Disclosure of Personal Information and Records Provided to Third Parties; 

In the event that a user requests disclosure of Personal Information or records relating to the provision of Personal Information to any third party, we shall disclose such information to the user by providing electromagnetic records or by means of delivery in writing without delay.

(2) Correction, etc. of Personal Information; 

Upon receipt of a request from a user for correction, addition, or deletion (the "Correction, etc.") of the Personal Information for the reasons the Personal Information is not factual, we shall conduct the necessary investigation without delay, and based on the results, we shall conduct the Correction, etc. on the Personal Information and notify the user to that effect.

(3) Suspension of Use, Deletion, and Suspension of Provision of Personal Information to Third Parties; 

In the event that we requested by a user to discontinue using or erase ("Suspension of Use, etc.") Personal Information or to discontinue provision to a third party on the grounds of violation of the Personal Information Protection Act of Japan listed below, we shall conduct necessary investigations without delay, and based on the results of such investigations, we shall conduct Suspension of Use, etc. or discontinuance of provision of such Personal Information to a third party and shall notify the user to that effect:

  1. The event that Personal Information is handled beyond the scope of the purpose of use (Suspension of Use, etc.); 

  2. The event that we have acquired by illegal means (Suspension of Use, etc.); 

  3. The event that Personal Information is provided to a third party without the consent of the Person and in violation of the Personal Information Protection Act of Japan (suspension of provision to a third party); 

  4. The event that Personal Information no longer needs to be used (Suspension of Use, etc. or suspension of provision to a third party); and 

  5. The event that Personal Information is leaked (Suspension of Use, etc., or suspension of provision to a third party.)           

17. About SSL/TLS

UI SCAN uses SSL/TLS to protect Personal Information. SSL/TLS automatically encrypt Personal Information when the user accesses UI SCAN, enters Personal Information such as name and e-mail address, and sends such Personal Information to our server in the event that the user uses a browser with a security function in such cases. Accordingly, even though a third party intercepts Personal Information sent by the user, such third party cannot decode the contents of such personal information.

If the user uses browsers for which SSL is not available, the user may not be able to access or load the data from UI SCAN.

18. About Cookies

We automatically acquire information related to our website browsing such as the internet domain name, IP address, and information related to intra-site search. The Cookies (information sent from the server to the user's browser and stored on the user's computer to identify the user on the server side) are limited to content intended to improve usability, and do not include any Personal Information.

We use cookies primarily for the following purposes:

  1. To ensure that the user is not needed to enter a password each time such user uses UI SCAN; 

  2. To provide our website and our services with specifications suited to each and every user; and 

  3. To analyze the activities of users who use UI SCAN (We may use the analysis results to guide users or promote sales.)

19. About Google Analytics   

Several pages of our websites use Google's Google Analytics servicing to help us to understand the status of user's visits to the website. In the event that we use Google Analytics on our website, Google collects, records, and analyzes the visiting history of the user to such website based on the cookies we issue. We receive such- analyses from Google and track the user's visits to the website. The user's information collected, recorded, and analyzed by Google Analytics does not include any information that identifies a particular individual. They are also managed by Google in accordance with our privacy policy.

The user can disable Google Analytics in the browser's add-on settings if the user wish to stop using our Google Analytics from collecting the user's data. The user can disable Google Analytics by downloading and installing Google Analytics Opt-Out Add-On from Google download page and changing the browser's add-on settings. If the user disables Google Analytics, Google Analytics will also be disabled on websites other than those that the user visits. If the user wants to re-enable Google Analytics, the user can re-configure the browser add-on. See Google Analytics website for instructions on Google Analytics Terms of **Use and Google Privacy Policy website.

■ Google Analytics Terms of Service
https://marketingplatform.google.com/about/analytics/terms/us/

■ Google's Privacy Policy & Terms
https://policies.google.com/privacy?hl=en-US

■ Google Analytics opt-out add-on
https://tools.google.com/dlpage/gaoptout?hl=en-US             

20. Link

The website and services provided by business operators other than us that are linked from UI SCAN may be used by such business operators to obtain user information, but in such cases, this policy shall not apply, and we shall not assume any obligation or responsibility with respect to such acquisition of user information by such businesses operators.

21. Inquiries About Personal Information

In the event that a request for disclosure, correction, or Suspension of Use, etc. of Personal Information is made by the Person, we will make efforts to respond appropriately after confirming that such request is the request of the Person. We will also make efforts to respond appropriately to questions and complaints regarding the handling of Personal Information.

For further inquiries, please contact us from the following.

22. Privacy Policy Change Procedures

We may amend or update this policy as needed. In the event of any material amendment or update, we shall send to the member notice of such amendment or update by e-mail or other means. In the event that a member uses UI SCAN after such notice, such member shall be deemed to have agreed to amend or update the policy to the extent permitted by applicable law.

We recommend that the members review this policy on a regular basis to confirm the latest information.

 

November  6, 2023

BLUE Inc.
Representative Director, Makoto Katsura